AMENDMENTS TO THE CLAIMS

1. (Currently Amended) An information management system comprising: 

a plurality of workstations adapted for connection to a computer network, each 
workstation having a memory; 

a data repository arranged to receive data from each of said workstations; 

an application stored in said memory of each workstation for transmitting outbound data 
to said network and receiving inbound data from said network; 

policy data containing rules defining relevant commercial data which is to be stored in 
said data repository; and 

an analyser, said analyser being operable in conjunction with said policy data to monitor 
at least one of said outbound data and said inbound data, to identify in at least one of said 
outbound data and said inbound data, relevant commercial data that is to be stored in said data 
repository in accordance with said rules in said policy data, and to cause said relevant 
commercial data to be stored in said data repository. 

2. (Currently Amended) The system of claim 1 wherein said relevant commercial data that 
is to be stored in said data repository is encrypted prior to it being transmitted to said data 
repository. 

3. (Currently Amended) The system of claim 1 wherein said relevant commercial data that 
is stored in said data repository is encrypted. 

4. (Original) The system of claim 1 wherein said computer network, to which said one 
or more workstations are adapted for connection, is the Internet. 

5. (Currently Amended) The system of claim 4 wherein said analyser is operable to 
identify, as relevant commercial data, at least one of usernames and passwords used to identify a 
user, and usernames and passwords used to access web pages on the Internet, and the URL 
address of the web page at which those usernames and passwords are used, said identified 
usernames, passwords and said identified URLs being stored in said data repository.

6. (Original) The system of claim 5 wherein said analyser is operable to identify
usernames and passwords from the field names of data contained in at least one of said outbound 
data and said inbound data. 

7. (Original) The system of claim 5 wherein a representation of the input fields of a web 
page is stored in said memory of said one or more workstations, and wherein said analyser is 
operable to identify usernames and passwords from said representation. 

8. (Original) The system of claim 5 wherein said analyser is operable to identify 
usernames or passwords from the field types of data contained in said outbound or said inbound 
data. 

9. (Currently Amended) The system of claim 4 wherein said analyser is operable to 
identify, as relevant commercial data, digital certificates contained in at least one of said 
outbound or said inbound data or used to digitally sign signed data in said inbound data or said 
outbound data, or sufficient descriptive data to identify such digital certificates, said digital 
certificates and/or said descriptive data being stored in said data repository. 

10. (Currently Amended) The system of claim 9 wherein said analyser is operable to identify 
one or more of the following data as relevant commercial data: whether or not said digital 
certificate has been revoked; the identity of the holder of said digital certificate; the amount of 
any eCommerce transaction being made that is related to said digital certificate; the goods or 
services being sold in any eCommerce transaction being made with said digital certificate; the 
date of receipt of said digital certificate; and wherein said identified data is stored with said 
digital certificate in said data repository. 

11. (Currently Amended) The system of claim 4 wherein the analyser is operable to identify
when an eCommerce transaction is occurring and if an eCommerce transaction is identified as 
occurring, to identify in said outbound or said inbound data one or more of the following data as 
relevant commercial data: the URL address or e-mail address of the remote location to which 
outbound data is being transmitted or inbound data is being received; the web pages accessed by 
a user of said one or more workstations during the transaction; the amount of the transaction; the
goods or services being traded in the transaction; the date of the transaction; and wherein said
relevant commercial data is stored in said data repository. 

12. (Original) The system of claim 1 wherein said analyser is located on each of said one 
or more workstations. 

13. (Original) The system of claim 1 wherein said application is a web browser. 

14. (Original) The system of claim 13 wherein said analyser is a plug-in module of said 
web browser. 

15. (Original) The system of claim 14 wherein said web browser is Microsoft's Internet 
Explorer and said analyser is a Browser Helper Object. 

16. (Original) The system of claim 1 wherein said application is an e-mail client. 

17. (Original) The system of claim 16 wherein said analyser is a plug-in module of said 
e-mail client. 

18. (Original) The system of claim 17 wherein said e-mail client is Microsoft's Outlook 
e-mail client and said analyser is a Microsoft Exchange client extension. 

19. (Original) The system of claim 1 wherein said network includes a server and said 
analyser is located at a point on said network intermediate said one or more workstations and 
said server, or said analyser is located at said server. 

20. (Currently Amended) The system of claim 1 further comprising a supervisor workstation, 
said supervisor workstation having access to said data repository and being operable to view said 
relevant commercial data stored in said data repository. 

21. (Original) The system of claim 20 wherein said policy data is accessible by said
supervisor workstation, such that a user of said supervisor workstation can edit said policy data. 

22. (Currently Amended) The system of claim 1 wherein a workstation of said plurality of 
workstations has access to said data repository and is operable to view said relevant commercial 
data stored in said data repository.

23. (Original) The system of claim 1 wherein said computer network to which said one
or more workstations are adapted for connection is a public computer network, and wherein said 
one or more workstations together form a private computer network. 

24. (Currently Amended) A method of managing information comprising the steps of:

providing a plurality of workstations adapted for connection to a computer network, each
workstation having a memory;

providing a data repository arranged to receive data from each of said workstations; 

providing an application stored in said memory of each workstation for transmitting 
outbound data to said network and receiving inbound data from said network; 

providing policy data containing rules defining relevant commercial data which is to be 
stored in said data repository; and 

analysing at least one of said outbound data and said inbound data, with reference to said 
policy data, to identify in at least one of said outbound data and said inbound data, relevant 
commercial data that is to be stored in said data repository in accordance with said rules in said 
policy data; and 

storing said relevant commercial data in said data repository. 

25. (Currently Amended) The method of claim 24 further comprising the step of encrypting 
said relevant commercial data that is to be stored in said data repository prior to it being stored in 
said data repository. 

26. (Currently Amended) The method of claim 24 further comprising the step of encrypting 
said relevant commercial data that is stored in said data repository after it has been stored in said 
data repository. 

27. (Original) The method of claim 24 wherein said computer network, to which said 
one or more workstations are adapted for connection, is the Internet. 

28. (Currently Amended) The method of claim 27 wherein in the analysing step, at least one 
of usernames and passwords used to identify a user, and usernames and passwords used to access
web pages on the Internet, and the URL address of those web pages, are identified as relevant 
commercial data.

29. (Original) The method of claim 28 wherein in said analysing step, usernames and
passwords are identified from the field names of data contained in at least one of said outbound 
data and said inbound data. 

30. (Original) The method of claim 28 wherein a representation of the input fields of a 
web page is stored in said memory of said one or more workstations, and wherein in said 
analysing step usernames and passwords are identified from said representation. 

31. (Original) The method of claim 28 wherein in said analysing step usernames or 
passwords are identified from the field types of data contained in said outbound or said inbound 
data. 

32. (Currently Amended) The method of claim 27 wherein in said analysing step, digital 
certificates contained in at least one of said outbound or said inbound data or used to digitally 
sign signed data in said inbound or said outbound data, are identified as relevant commercial 
data, or sufficient descriptive data to identify such digital certificates, is identified as relevant 
commercial data. 

33. (Currently Amended) The method of claim 32 wherein said analysing step includes 
identifying one or more of the following data as relevant commercial data: whether or not said 
digital certificate has been revoked; the identity of the holder of said digital certificate; the 
amount of any eCommerce transaction being made that is related to said digital certificate; the 
goods or services being sold in any eCommerce transaction being made with said digital 
certificate; and the date of receipt of said digital certificate. 

34. (Currently Amended) The method of claim 27 wherein said analysing step includes 
identifying when an eCommerce transaction is occurring and if an on-line eCommerce 
transaction is identified as occurring, identifying in said outbound or said inbound data one or 
more of the following data as relevant commercial data: the URL address or e-mail address of 
the remote location to which outbound data is being transmitted or inbound data is being 
received; the web pages accessed by a user of said one or more workstations during the 
transaction; the amount of the transaction; the goods or services being traded in the transaction; 
the date of the transaction.

35. The method of claim 24 wherein said analysing step is carried out at said one or more
workstations. 

36. (Original) The method of claim 24 wherein said application is a web browser. 

37. (Original) The method of claim 36 wherein said analysing step is performed by a 
plug-in module of said web browser. 

38. (Original) The method of claim 37 wherein said web browser is Microsoft's Internet 
Explorer and said plug-in module is a Browser Helper Object. 

39. (Original) The method of claim 24 wherein said application is an e-mail client. 

40. (Original) The method of claim 39 wherein said analysing step is performed by a 
plug-in module of said e-mail client. 

41. (Original) The method of claim 40 wherein said e-mail client is Microsoft's Outlook 
e-mail client and said plug-in module is a Microsoft Exchange client extension. 

42. (Original) The method of claim 24 wherein said network includes a server and said 
analysing step is performed at a point on said network intermediate said one or more 
workstations and said server, or said analysing step is performed at said server. 

43. (Currently Amended) The method of claim 24 further comprising the step of providing a 
supervisor workstation, said supervisor workstation having access to said data repository and 
being operable to view said relevant commercial data stored in said data repository. 

44. (Original) The method of claim 43 wherein said policy data is accessible by said 
supervisor workstation, such that a user of said supervisor workstation can edit said policy data. 

45. (Currently Amended) The method of claim 24 wherein a workstation of said plurality of 
workstations has access to said data repository and is operable to view said relevant commercial 
data stored in said data repository. 

46. (Original) The method of claim 24 wherein said computer network to which said one 
or more workstations are adapted for connection is a public computer network, and wherein said 
one or more workstations together form a private computer network.

47. (Withdrawn) A computer program product, for controlling a plurality of computers in a
private network to manage information, the network having a data repository arranged to receive 
data from the plurality of computers and policy data containing rules defining relevant data 
which is to be extracted from at least one of outbound data transmitted to a public network or 
inbound data received from the public network and stored in the data repository, comprising: a 
recording medium readable by the computer, having program code recorded thereon which when 
executed on each of said plurality of computers, configures said computers to: analyse in
conjunction with an application running on each of said computers that is operable to transmit 
the outbound data and receive the inbound data, at least one of said outbound data and said 
inbound data, with reference to said policy data, to identify in at least one of said outbound data 
and said inbound data, relevant data that is to be stored in said data repository in accordance with 
said rules in said policy data; and cause said relevant data to be stored in said data repository. 

48. (Withdrawn) The computer program product of claim 47 wherein said program code 
when executed on said computer is operable to cause said relevant data that is to be stored in said 
data repository to be encrypted prior to it being stored in said data repository. 

49. (Withdrawn) The computer program product of claim 47 wherein said program code 
when executed on said computer is operable to cause said relevant data that is stored in said data 
repository to be encrypted. 

50. (Withdrawn) The computer program product of claim 47 wherein said application is 
adapted to transmit outbound data to the Internet and receive inbound data from the Internet. 

51. (Withdrawn) The computer program product of claim 50 wherein at least one of
usernames and passwords used to identify a user, and usernames and passwords used to access 
web pages on the Internet, and the URL address of those web pages, are identified as relevant 
data. 

52. (Withdrawn) The computer program product of claim 51 wherein usernames and
passwords are identified from the field names of data contained in at least one of said outbound 
data and said inbound data.

53. (Withdrawn) The computer program product of claim 51 wherein a representation of the
input fields of a web page is stored in said memory of said one or more workstations, and 
wherein said usernames and passwords are identified from said representation. 

54. (Withdrawn) The computer program product of claim 51 wherein usernames or
passwords are identified from the field types of data contained in said outbound or said inbound 
data. 

55. (Withdrawn) The computer program product of claim 50 wherein digital certificates 
contained in at least one of said outbound or said inbound data or used to digitally sign signed 
data in said inbound data or said outbound data, or sufficient descriptive data to identify any such 
digital certificates, are identified as relevant data. 

56. (Withdrawn) The computer program product of claim 55 wherein one or more of the 
following data are identified as relevant data: whether or not said digital certificate has been 
revoked; the identity of the holder of said digital certificate; the amount of any eCommerce 
transaction being made that is related to said digital certificate; the goods or services being sold 
in any eCommerce transaction being made with said digital certificate; and the date of receipt of 
said digital certificate. 

57. (Withdrawn) The computer program product of claim 50 wherein the program code 
when executed on said computer is further operable to: identify when an eCommerce transaction 
is occurring; and if an eCommerce transaction is identified as occurring, to identify in said 
outbound or said inbound data one or more of the following data as relevant data: the URL 
address or e-mail address of the remote location to which outbound data is being transmitted or 
inbound data is being received; the web pages accessed by a user of said one or more 
workstations during the transaction; the amount of the transaction; the goods or services being 
traded in the transaction; and the date of the transaction. 

58. (Withdrawn) The computer program product of claim 47 wherein said program code is 
executable at each of said computers. 

59. (Withdrawn) The computer program product of claim 47 wherein said application is a 
web browser.

60. (Withdrawn) The computer program product of claim 59 wherein said program code
when executed on said computer is a plug-in module of said web browser. 

61. (Withdrawn) The computer program product of claim 60 wherein said web browser is 
Microsoft's Internet Explorer and said plug-in module is a Browser Helper Object. 

62. (Withdrawn) The computer program product of claim 47 wherein said application is an 
e-mail client. 

63. (Withdrawn) The computer program product of claim 62 wherein said program code 
when executed on said computer is a plug-in module of said e-mail client. 

64. (Withdrawn) The computer program product of claim 63 wherein said e-mail client is 
Microsoft's Outlook e-mail client and said plug-in module is a Microsoft Exchange client 
extension. 

65. (Withdrawn) The computer program product of claim 47 wherein said network includes 
a server and said program code is executable at a point on said network intermediate said one or 
more workstations and said server, or said program code is executable at said server. 

66. (Withdrawn) The computer program product of claim 47 further comprising program 
code recorded on the recording medium which when executed on a computer in said plurality of 
computers enables that computer as a supervisor workstation, said supervisor workstation having 
access to said data repository and being operable to view said relevant data stored in said data 
repository. 

67. (Withdrawn) The computer program product of claim 66 wherein said policy data is 
accessible by said supervisor workstation, such that a user of said supervisor workstation can edit 
said policy data. 

68. (Withdrawn) The computer program product of claim 47 further comprising program 
code recorded on the recording medium which when executed on a computer in said plurality of 
computers provides that computer with access to said data repository such that a user of said
computer can view said relevant data stored in said data repository.

69. (Withdrawn) A system for recording passwords and usernames comprising: a plurality
of workstations adapted for connection to the Internet, each workstation having a memory; a data 
repository arranged to receive data from each of said workstations; an application stored in said 
memory of each workstation for transmitting outbound data and receiving inbound data from the 
Internet; and/or an application for receiving user input data; and an analyser, said analyser being 
operable to monitor at least one of said input data, said outbound data and said inbound data, to 
identify usernames and passwords contained in said user input data, said outbound data or said 
inbound data, and to cause said usernames and passwords to be stored in said data repository. 

70. (Withdrawn) The system of claim 69 wherein said analyser is operable to determine 
whether the usernames and passwords are used to access a web page, and if they are, to identify 
the URL address of said web page and cause said URL to be stored in said data repository with 
said usernames and passwords. 

71. (Withdrawn) The system of claim 69 wherein said relevant usernames and passwords
data are encrypted prior to being transmitted to said data repository. 

72. (Withdrawn) The system of claim 69 wherein said relevant usernames and passwords 
that are stored in said data repository are encrypted. 

73. (Withdrawn) The system of claim 69 wherein said analyser is operable to identify said 
relevant usernames and passwords from the field names of data contained in at least one of said 
outbound data or said inbound data. 

74. (Withdrawn) The system of claim 69 wherein a representation of the input fields of a 
web page is stored in said memory of said one or more workstations, and wherein said analyser 
is operable to identify said relevant usernames and passwords from said representation. 

75. (Withdrawn) The system of claim 69 wherein said analyser is operable to identify said 
relevant usernames or passwords from the field types of data contained in said outbound or said 
inbound data. 

76. (Withdrawn) The system of claim 69 wherein said application has a user interface 
provided with a "remember password" option which when selected stores input usernames and
passwords in memory, and said analyser is operable to identify said relevant usernames and
passwords in said input usernames and passwords stored in memory. 

77. (Withdrawn) The system of claim 69 wherein said analyser is located on each of said 
one or more workstations. 

78. (Withdrawn) The system of claim 69 wherein said application is a web browser. 

79. (Withdrawn) The system of claim 78 wherein said analyser is a plug-in module of said 
web browser. 

80. (Withdrawn) The system of claim 79 wherein said web browser is Microsoft's Internet 
Explorer and said analyser is a Browser Helper Object. 

81. (Withdrawn) The system of claim 69 wherein said network comprises a server and said 
analyser is located at a point on said network intermediate said one or more workstations and 
said server, or said analyser is located at said server. 

82. (Withdrawn) The system of claim 69 further comprising a supervisor workstation, said 
supervisor workstation having access to said data repository and being operable to view said 
relevant usernames and passwords stored in said data repository. 

83. (Withdrawn) The system of claim 69 wherein a workstation of said plurality of 
workstations has access to said data repository and is operable to view said relevant usernames 
and passwords stored in said data repository. 

84. (Withdrawn) A method for recording passwords and usernames comprising the steps of: 
providing a plurality of workstations adapted for connection to the Internet, each workstation 
having a memory; providing a data repository arranged to receive data from each of said 
workstations; providing an application stored in said memory of each workstation for 
transmitting outbound data and receiving inbound data from the Internet; and/or an application 
for receiving user input data; and analysing at least one of said user input data, said outbound 
data and said inbound data, to identify usernames and passwords; and causing said usernames 
and passwords to be stored in said data repository.

85. (Withdrawn) The method of claim 84 further comprising the steps of determining
whether the usernames and passwords are used to access a web page, and if they are, identifying 
the URL address of said web page, and storing said URL in said data repository with said 
usernames and passwords. 

86. (Withdrawn) The method of claim 84 further comprising the step of encrypting 
usernames and passwords prior to being stored in said data repository. 

87. (Withdrawn) The method of claim 84 further comprising the step of encrypting the 
usernames and passwords that are stored in said data repository. 

88. (Withdrawn) The method of claim 84 wherein in said analysing step usernames and 
passwords are identified from the field names of data contained in at least one of said outbound 
data or said inbound data. 

89. (Withdrawn) The method of claim 84 wherein a representation of the input fields of a 
web page is stored in said memory of said workstation, and wherein in said analysing step
usernames and passwords are identified from said representation. 

90. (Withdrawn) The method of claim 84 wherein in said analysing step usernames and 
passwords are identified from the field types of data contained in said outbound or said inbound 
data. 

91. (Withdrawn) The method of claim 84 wherein said application has a user interface
provided with a "remember password" option which when selected stores input usernames and
passwords in said memory of said one or more workstations, and wherein in said analysing step 
usernames and passwords are identified from said input usernames and passwords stored in said 
memory of said one or more workstations. 

92. (Withdrawn) The method of claim 84 wherein said analysing step is performed on said 
one or more workstations. 

93. (Withdrawn) The method of claim 84 wherein said application is a web browser. 

94. (Withdrawn) The method of claim 93 wherein said analysing step is performed by a 
plug-in module of said web browser.

95. (Withdrawn) The method of claim 94 wherein said web browser is Microsoft's Internet
Explorer and said plug-in module is a Browser Helper Object. 

96. (Withdrawn) The method of claim 84 wherein said network comprises a server and said 
analysing step is performed at a point on said network intermediate said one or more 
workstations and said server, or said analysing step is performed at said server. 

97. (Withdrawn) The method of claim 84 further comprising the step of providing a 
supervisor workstation, said supervisor workstation having access to said data repository and 
being operable to view said relevant usernames and passwords stored in said data repository. 

98. (Withdrawn) The method of claim 84 wherein a computer of said plurality of computers 
has access to said data repository and is operable to view said relevant usernames and passwords 
stored in said data repository. 

99. (Withdrawn) A computer program product, for controlling a plurality of computers in a 
private network to record passwords and usernames, the network having a data repository 
arranged to receive data from the plurality of computers, said computer program product 
comprising: a recording medium readable by the computer, having program code recorded 
thereon which when executed on each of said plurality of computers, configures said computers 
to: analyse, in conjunction with an application running on the computer that is operable to
transmit outbound data to the Internet and receive inbound data from the Internet, and/or an 
application running on the computer for receiving user input data, at least one of said user input 
data, said outbound data and said inbound data, to identify in at least one of said user input data, 
said outbound data and said inbound data, relevant data that is to be stored in said data 
repository; and control said computer to store said relevant data in said data repository. 

100. (Withdrawn) The computer program product of claim 99 wherein said program code 
when executed on said computer is further operable to determine whether the usernames and 
passwords are used to access a web page, and if they are, to identify the URL address of said 
web page and to direct the computer to store said URL in said data repository with said 
usernames and passwords.

101. (Withdrawn) The computer program product of claim 99 wherein said program code
when executed on said computer is further operable to cause said usernames and passwords to be 
encrypted prior to them being stored in said data repository. 

102. (Withdrawn) The computer program product of claim 99 wherein said program code 
when executed on said computer is further operable to cause said usernames and passwords that 
are stored in said data repository to be encrypted. 

103. (Withdrawn) The computer program product of claim 99 wherein said program code 
when executed on said computer is operable to identify usernames and passwords from the field 
names of data contained in at least one of said outbound data or said inbound data. 

104. (Withdrawn) The computer program product of claim 99 wherein a representation of the 
input fields of a web page is stored in the memory of said computer, and wherein said program 
code when executed on said computer is operable to identify usernames and passwords from said 
representation. 

105. (Withdrawn) The computer program product of claim 99 wherein said program code 
when executed on said computer is further operable to identify usernames and passwords from 
the field types of data contained in said outbound or said inbound data. 

106. (Withdrawn) The computer program product of claim 99 wherein said application for 
receiving user input data has a user interface provided with a "remember password" option which 
when selected stores input usernames and passwords in said memory of said computer, and 
wherein said program code when executed on said computer is operable to identify usernames 
and passwords from said input usernames and passwords stored in said memory of said 
computer. 

107. (Withdrawn) The computer program product of claim 99 wherein said program code is 
executable at each of said computers. 

108. (Withdrawn) The computer program product of claim 99 wherein said application is a 
web browser.

109. (Withdrawn) The computer program product of claim 108 wherein said program code
when executed on said computer is a plug-in module of said web browser. 

110. (Withdrawn) The computer program product of claim 109 wherein said web browser is 
Microsoft's Internet Explorer and said plug-in module is a Browser Helper Object. 

111. (Withdrawn) The computer program product of claim 99 wherein said network 
comprises a server and said program code is executable at a point on said network intermediate 
said computer and said server, or said program code is executable at said server. 

112. (Withdrawn) The computer program product of claim 99 further comprising program 
code which when executed on said computer enables that computer as a supervisor workstation, 
said supervisor workstation having access to said data repository and being operable to view said 
relevant usernames and passwords stored in said data repository. 

113. (Withdrawn) The computer program product of claim 99 wherein a computer of said 
plurality of computers has access to said data repository and is operable to view said relevant 
usernames and passwords stored in said data repository. 

114. (Original) An information management system comprising: 

one or more workstations adapted for connection to a computer network, each 
workstation having a memory; 

an application stored in said memory of each workstation for transmitting outbound data 
to said network and receiving inbound data from said network; 

policy data containing rules specifying an appropriate encryption strength for outbound 
data, the encryption strength depending on the content of the data; and 

an analyser, said analyser being operable in conjunction with said policy data to monitor 
said outbound data and to determine, in accordance with said rules in said policy data, an 
appropriate encryption strength for the outbound data; wherein said analyser controls 
transmission of said outbound data from said application in dependence upon said determination 
of an appropriate encryption strength.

115. (Original) The system of claim 114 wherein said rules in said policy data define
confidential data which can not be transmitted, said analyser being operable in conjunction with 
said policy data to prevent said confidential data being transmitted from said application. 

116. (Original) The system of claim 114 wherein said analyser is further operable to
determine the present encryption strength in use for transmitting said outbound data; and wherein 
said analyser controls transmission of said outbound data from said application both in 
dependence upon said determination of an appropriate encryption strength and in dependence 
upon said determination of the present encryption strength in use. 

117. (Original) The system of claim 116 wherein if the analyser determines that the 
present encryption strength in use for transmitting outbound data is less than said appropriate 
encryption strength, then said analyser prevents transmission of said outbound data from said 
application. 

118. (Original) The system of claim 116 wherein if the analyser determines that the 
present encryption strength in use for transmitting outbound data is less than said appropriate 
encryption strength, then said analyser prevents transmission of said outbound data from said 
application and controls said application to renegotiate an encryption strength for transmission 
that is appropriate. 

119. (Original) The system of claim 116 wherein if the analyser determines that the 
present encryption strength in use for transmitting outbound data is less than said appropriate 
encryption strength, then said analyser modifies the outbound data such that the present 
encryption strength is an appropriate encryption strength for the transmission of the modified 
outbound data. 

120. (Original) The system of claim 116 wherein if the analyser determines that the
present encryption strength in use for transmitting outbound data is less than said appropriate 
encryption strength, then said analyser controls said application to notify a user of said 
application that the encryption strength in use is not sufficient. 

121. (Original) The system of claim 114 wherein the analyser is further operable to
identify credit card numbers in said outbound data.

122. (Original) The system of claim 121 wherein the analyser is further operable to
distinguish a predetermined set of credit card numbers from other credit card numbers, wherein 
said rules of said policy data define different appropriate encryption strengths for outbound data 
containing credit card numbers in the predetermined set than for other credit card numbers. 

123. (Original) The system of claim 122 wherein said rules of said policy data specify that 
there is no appropriate encryption strength for a pre-determined set of one or more credit card 
numbers. 

124. (Original) The system of claim 114 wherein said analyser is further operable to 
identify at least one or more of, credit card numbers, account codes, usernames, passwords, 
names and addresses and other predetermined keywords in the content of said outbound data. 

125. (Original) The system of claim 114 wherein said rules in said policy data specify an
appropriate encryption strength for said outbound data, that is dependent on the address to which
said outbound data is to be transmitted.

126. (Original) The system of claim 114 wherein said analyser is located on each of said
one or more workstations.

127. (Original) The system of claim 114 wherein said application is a web browser.

128. (Original) The system of claim 127 wherein said analyser is a plug-in module of said 
web browser. 

129. (Original) The system of claim 128 wherein said web browser is Microsoft's Internet 
Explorer and said analyser is a Browser Helper Object. 

130. (Original) The system of claim 114 wherein said application is an e-mail client.

131. (Original) The system of claim 130 wherein said analyser is a plug-in module of said
e-mail client.

132. (Original) The system of claim 131 wherein said e-mail client is Microsoft's Outlook
e-mail client and said analyser is a Microsoft client extension.

133. (Original) The system of claim 114 wherein said network comprises a server and said
analyser is located at a point on said network intermediate said one or more workstations and 
said server, or said analyser is located at said server. 

134. (Original) The system of claim 114 wherein said computer network to which said 
one or more workstations are adapted for connection is a public computer network, and wherein 
said one or more workstations together form a private computer network. 

135. (Original) The system of claim 114 further comprising a supervisor workstation, said
policy data being accessible by said supervisor workstation, such that a user of said supervisor 
workstation can edit said policy data. 

136. (Original) A method of managing information comprising the steps of:

providing one or more workstations adapted for connection to a computer network, each
workstation having a memory;

providing an application stored in said memory of each workstation for transmitting 
outbound data to said network and receiving inbound data from said network; 

providing policy data containing rules specifying an appropriate encryption strength for 
outbound data, the encryption strength depending on the content of the data; and 

analysing said outbound data to determine, in accordance with said rules in said policy 
data, an appropriate encryption strength for the outbound data; 

controlling transmission of said outbound data from said application in dependence upon 
the determination of an appropriate encryption strength in said analysing step. 

137. (Original) The method of claim 136 wherein said rules in said policy data define 
confidential data which cannot be transmitted, and wherein in said controlling step transmission 
of said confidential data is prevented. 

138. (Original) The method of claim 136 wherein said analysing step further comprising 
the step of determining the present encryption strength in use for transmitting said outbound 
data; and wherein in said controlling step the transmission of said outbound data from said 
application is dependent upon both the determination of an appropriate encryption strength and 
the determination of the present encryption strength in use.

139. (Original) The method of claim 138 wherein if it is determined that the present
encryption strength in use for transmitting outbound data is less than said appropriate encryption 
strength, then in said controlling step transmission of said outbound data from said application is 
prevented. 

140. (Original) The method of claim 138 wherein if in said analysing step it is determined 
that the present encryption strength in use for transmitting outbound data is less than said 
appropriate encryption strength, then in said controlling step an encryption strength appropriate 
for transmission of said outbound data is negotiated before transmission. 

141. (Original) The method of claim 138 wherein if in said analysing step it is determined 
that the present encryption strength in use for transmitting outbound data is less than said 
appropriate encryption strength, then in said controlling step the outbound data is modified such 
that the present encryption strength is an appropriate encryption strength. 

142. (Original) The method of claim 138 wherein in said analysing step if it is determined 
that the present encryption strength in use for transmitting outbound data is less than said 
appropriate encryption strength, then in said controlling step a user of said application is notified 
that the encryption strength in use is not sufficient. 

143. (Original) The method of claim 136 wherein said analysing step includes identifying 
credit card numbers in said outbound data. 

144. (Original) The method of claim 143 wherein said analysing step includes 
distinguishing a pre-determined set of one or more credit card numbers from other credit card 
numbers, and wherein said rules of said policy data define a different appropriate encryption 
strength for outbound data containing credit card numbers in that pre-determined set than for 
other credit card numbers. 

145. (Original) The method of claim 144 wherein said rules of said policy data specifies 
that there is no appropriate encryption strength for said pre-determined set of one or more credit 
card numbers.

146. (Original) The method of claim 136 wherein said analysing step includes identifying
at least one or more of, credit card numbers, account codes, usernames, passwords, names and 
addresses and other predetermined keywords in the content of said outbound data. 

147. (Original) The method of claim 136 wherein said rules in said policy data specify an 
appropriate encryption strength for said outbound data, that is dependent on the address to which 
said outbound data is to be transmitted. 

148. The method of claim 136 wherein said analysing step is performed at said one or more 
workstations. 

149. (Original) The method of claim 136 wherein said application is a web browser. 

150. (Original) The method of claim 149 wherein said analysing step is performed by a 
plug-in module of said web browser. 

151. (Original) The method of claim 150 wherein said web browser is Microsoft's Internet
Explorer and said plug-in module is a Browser Helper Object. 

152. (Original) The method of claim 136 wherein said application is an e-mail client. 

153. (Original) The method of claim 152 wherein said analysing step is performed by a 
plug-in module of said e-mail client. 

154. (Original) The method of claim 153 wherein said e-mail client is Microsoft's Outlook 
e-mail client and said plug-in module is a Microsoft Exchange client extension. 

155. (Original) The method of claim 136 wherein said network comprises a server and 
said analysing step is performed at a point on said network intermediate said one or more 
workstations and said server, or said analysing step is performed at said server. 

156. (Original) The method of claim 136 wherein said computer network to which said 
one or more workstations are adapted for connection is a public computer network, and wherein 
said one or more workstations together form a private computer network.

157. (Original) The method of claim 136 further comprising the step of providing a
supervisor workstation, said policy data being accessible by said supervisor workstation, such 
that a user of said supervisor workstation can edit said policy data. 

158. (Withdrawn) A computer program product for controlling a computer connected to a 
public network to manage information, the computer having access to policy data containing 
rules specifying an appropriate encryption strength for outbound data transmitted to the public 
network, the encryption strength depending on the content of the data, comprising: a recording 
medium readable by the computer, having program code recorded thereon which when executed 
on said computer, configures said computer to: determine, in conjunction with an application 
running on the computer that is operable at least to transmit outbound data to said public 
network, with reference to said rules in said policy data, an appropriate encryption strength for 
the outbound data; and control the transmission of said outbound data by said application in 
dependence upon the determination of an appropriate encryption strength. 

159. (Withdrawn) The computer program product of claim 158 wherein said rules in said 
policy data define confidential data which cannot be transmitted, wherein said program code 
when executed on said computer is operable to prevent transmission of said confidential data 
from said application. 

160. (Withdrawn) The computer program product of claim 158 wherein said program code 
when executed on said computer is further operable to determine the present encryption strength 
in use for transmitting said outbound data; and to control the transmission of said outbound data 
from said application in dependence upon both the determination of an appropriate encryption 
strength and the determination of the present encryption strength in use. 

161. (Withdrawn) The computer program product of claim 160 wherein said program code
when executed on said computer is further operable, if it is determined that the present 
encryption strength in use for transmitting outbound data is less than said appropriate encryption 
strength, to prevent the transmission of said outbound data from said application. 

162. (Withdrawn) The computer program product of claim 160 wherein said program code 
when executed on said computer is further operable, if it is determined that the present
encryption strength in use for transmitting outbound data is less than said appropriate encryption
strength, to negotiate an appropriate encryption strength for transmission of said outbound data 
before transmission. 

163. (Withdrawn) The computer program product of claim 160 wherein said program code 
when executed on said computer is further operable, if it is determined that the present 
encryption strength in use for transmitting outbound data is less than said appropriate encryption 
strength, to modify the outbound data such that the present encryption strength is an appropriate 
encryption strength. 

164. (Withdrawn) The computer program product of claim 160 wherein said program code 
when executed on said computer is further operable, if it is determined that the present 
encryption strength in use for transmitting outbound data is less than said appropriate encryption 
strength, to provide notification that the encryption strength in use is not sufficient. 

165. (Withdrawn) The computer program product of claim 158 wherein said program code 
when executed on said computer is further operable to identify credit card numbers in said 
outbound data. 

166. (Withdrawn) The computer program product of claim 165 wherein said program code 
when executed on said computer is further operable to identify a pre-determined set of one or 
more credit card numbers from other credit card numbers, and wherein said rules of said policy 
data define a different appropriate encryption strength for outbound data containing credit card 
numbers in that pre-determined set than for other credit card numbers. 

167. (Withdrawn) The computer program product of claim 166 wherein said rules of said 
policy data specifies that there is no appropriate encryption strength for said pre-determined set 
of one or more credit card numbers. 

168. (Withdrawn) The computer program product of claim 158 wherein said program code 
when executed on said computer is further operable, to identify at least one or more of, credit 
card numbers, account codes, usernames, passwords, names and addresses and other 
predetermined keywords in the content of said outbound data.

169. (Withdrawn) The computer program product of claim 158 wherein said rules in said
policy data specify an appropriate encryption strength for said outbound data, that is dependent 
on the address to which said outbound data is to be transmitted. 

170. (Withdrawn) The computer program product of claim 158 wherein said program code is 
executable on said computer. 

171. (Withdrawn) The computer program product of claim 158 wherein said application is a
web browser. 

172. (Withdrawn) The computer program product of claim 171 wherein said program code 
when executed on said computer is a plug-in module of said web browser. 

173. (Withdrawn) The computer program product of claim 172 wherein said web browser is 
Microsoft's Internet Explorer and said plug-in module is a Browser Helper Object. 

174. (Withdrawn) The computer program product of claim 158 wherein said application is an 
e-mail client. 

175. (Withdrawn) The computer program product of claim 174 wherein said program code 
when executed on said computer is a plug-in module of said e-mail client. 

176. (Withdrawn) The computer program product of claim 175 wherein said e-mail client is 
Microsoft's Outlook e-mail client and said plug-in module is a Microsoft Exchange client 
extension. 

177. (Withdrawn) The computer program product of claim 158 wherein said network 
includes a server and said program code is executable at a point on said network intermediate 
said one or more workstations and said server, or program code is executable at said server. 

178. (Currently Amended) An information management system comprising: 

a plurality of client workstations adapted for connection to a computer network, each 
workstation having a memory; 

a data repository arranged to receive data from each of said client workstations; 

an application stored in said memory of each workstation for transmitting outbound data 
to said network and receiving inbound data from said network;

policy data defining rules for the recording of data that may comprise part of a
commercial transaction conducted between a client workstation and a third party across said 
computer network; 

an analyser, said analyser being operable in conjunction with said policy data to analyse 
at least one of said outbound data and said inbound data, to identify the existence of a 
commercial transaction occurring between a client workstation and a third party by analysing 
said outbound or said inbound data, and to cause transaction data that is all or part of said 
outbound data or said inbound data related to an identified commercial transaction to be stored in 
said data repository. 

179. (Currently Amended) The system of claim 178 wherein said analyser is operable to 
determine whether a secure link has been negotiated between said application and a remote site 
on said network, and to identify the existence of a commercial transaction if said outbound data 
or said inbound data is transmitted on a secure link. 

180. (Currently Amended) The system of claim 179 wherein said network is the Internet, and 
said rules of said policy data define the addresses of non-eCommerce web sites and/or
non-eCommerce e-mail accounts, said analyser being operable to disregard any commercial
transactions that are identified between a client workstation and a non-eCommerce web site 
and/or e-mail account such that no transaction data related to a commercial transaction made to a 
non-eCommerce web sites or a non-eCommerce e-mail account is stored in the data repository. 

181. (Currently Amended) The system of claim 178 wherein said analyser is operable to 
identify the existence of a commercial transaction by reference to said rules of said policy data, 
said rules of said policy data defining the addresses of known eCommerce locations. 

182. (Currently Amended) The system of claim 178 wherein said analyser is operable to 
identify credit card numbers, and to identify the existence of a commercial transaction by 
identifying credit card numbers in said outbound data or inbound data. 

183. (Currently Amended) The system of claim 178 wherein said analyser is operable to 
identify the existence of a commercial transaction by reference to said rules of said policy data,
said rules of said policy data defining one or more of pre-determined digital certificates, account
codes, pre-determined keywords, pre-determined names and addresses and embedded codes. 

184. (Original) The system of claim 178 wherein said analyser is operable to identify 
embedded codes in said inbound data, said embedded code having been placed in said inbound 
data to identify it as transaction data. 

185. (Currently Amended) The system of claim 178 wherein said analyser is operable to 
identify electronic receipts, and to identify the existence of a commercial transaction by 
identifying an electronic receipt in said outbound or inbound data. 

186. (Currently Amended) The system of claim 178 wherein said analyser is operable to 
record a pre-determined number of subsequent transmissions of said outbound data or said 
inbound data following an identification of the existence of a commercial transaction by said 
analyser, providing that the address or organisation to which the subsequent transmissions are 
sent, or from which they are received, is the same as the address or organisation to which the 
outbound data was sent or from which the inbound data was received and in which the existence 
of a commercial transaction was identified. 

187. (Currently Amended) The system of claim 186, wherein said analyser is operable to 
detect one or more indicators of the nature of the commercial transaction, and said rules of said 
policy data define the number of subsequent transmissions of said outbound data and said 
inbound data that are to be recorded in said data repository based on the identified nature of the 
commercial transaction. 

188. (Currently Amended) The system of claim 186 wherein said rules of said policy data 
define the number of subsequent transmissions of said outbound and said inbound data that are to 
be stored in said data repository in dependence on the indicator by which the existence of a 
commercial transaction was identified. 

189. (Currently Amended) The system of claim 178 wherein said analyser is operable to 
record all subsequent transmissions of said outbound data or said inbound data that occur within 
a pre-determined amount of time following an identification of the existence of a commercial 
transaction by said analyser, providing that the address or organisation to which the subsequent
transmissions are sent, or from which they are received, is the same as the address or
organisation to which the outbound data was sent or from which the inbound data was received 
and in which the existence of a commercial transaction was identified. 

190. (Currently Amended) The system of claim 189, wherein said analyser is operable to 
detect one or more indicators of the nature of the commercial transaction, and said rules of said 
policy data define the amount of time for which all subsequent transmissions of said outbound 
data and said inbound data are to be recorded in said data repository based on the identified 
nature of the commercial transaction. 

191. (Currently Amended) The system of claim 189 wherein said rules of said policy data 
define the amount of time for which subsequent transmissions of said outbound and said inbound 
data are to be stored in said data repository in dependence on the indicator by which the 
existence of a commercial transaction was identified. 

192. (Currently Amended) The system of claim 178 wherein said analyser is further operable 
to identify the completion of a commercial transaction by analysing said outbound data or said 
inbound data, and to cause all or part of said outbound data transmitted by said application and 
all or part of said inbound data received by said application after said analyser has identified the 
existence of a commercial transaction and before said analyser has identified the completion of a 
commercial transaction to be stored in said data repository. 

193. (Currently Amended) The system of claim 192 wherein said analyser is operable to 
identify subsequent related data in said outbound data transmitted by said application and said 
inbound data received by said application after said analyser has identified the completion of a 
commercial transaction, and to cause said subsequent related data to be stored in said data 
repository with said transaction data already identified. 

194. (Currently Amended) The system of claim 193 wherein said analyser is operable to 
identify said subsequent related data by identifying common indicators in both said transaction 
data already identified and said outbound data transmitted by said application and said inbound 
data received by said application after said analyser has identified the completion of a 
commercial transaction, said common indicators being one or more of the address of the location
to which said outbound data is transmitted or from which said inbound data is received, part of
the data path to the location to which said outbound data is transmitted or from which said 
inbound data is received, account code or reference numbers. 

195. (Currently Amended) The system of claim 178 wherein said application is operable such 
that a user of said application can indicate said outbound and said inbound data that is related to 
a commercial transaction, said analyser being operable to identify said outbound and said 
inbound data so indicated. 

196. (Currently Amended) The system of claim 178 wherein said application is operable to 
store all of said outbound data and said inbound data in said memory of said workstation as 
previous data, irrespective of whether it may or may not be part of a commercial transaction and, 
said analyser is operable, if the existence of a commercial transaction is identified, to retrieve a 
pre-determined amount of previous data from said outbound data and said inbound data stored in 
said memory of said workstation, and to cause said previous data to be stored in said data 
repository with said transaction data. 

197. (Currently Amended) The system of claim 196 wherein said rules of said policy data 
specify the amount of previous data that is to be retrieved in dependence on the indicator by 
which the existence of a commercial transaction is identified. 

198. (Original) The system of claim 196 wherein said network is the Internet and said 
application is a web browser, said web browser being operable to store each web page that is 
viewed by said web browser in memory as previous data. 

199. (Currently Amended) The system of claim 198 wherein said rules of said policy data 
specify the number of web pages that are to be retrieved from those previously stored in memory 
in dependence on the indicator by which the existence of a commercial transaction is identified. 

200. (Currently Amended) The system of claim 178 wherein said application is operable to 
store all of said outbound data and said inbound data in memory as previous data, irrespective of 
whether it may or may not be part of a commercial transaction and, said analyser is operable, if 
the existence of a commercial transaction is identified, to identify, in said previous data, earlier
relevant data that is related to said transaction data already identified, and to cause said earlier
relevant data to be stored in said data repository with said transaction data. 

201. (Original) The system of claim 200 wherein said analyser is operable to identify said 
earlier relevant data in said previous data, by identifying common indicators in both said 
transaction data and said outbound data and said inbound data previously stored in said memory 
of said workstation, said common indicators being one or more of the address of the location to 
which said outbound data is transmitted or from which said inbound data is received, part of the 
data path to the location to which said outbound data is transmitted or said inbound data is 
received, account code or reference number. 

202. (Currently Amended) The system of claim 178 wherein said application is operable to 
store all of said outbound data and said inbound data in memory as previous data, irrespective of 
whether it may or may not be part of a commercial transaction, and is further operable such that, 
if said analyser identifies the existence of a commercial transaction, a user of said application can 
select earlier relevant data from said previous data, said earlier relevant data selected by the user 
being stored in said common data repository together with said transaction data. 

203. (Currently Amended) The system of claim 178 wherein said analyser is operable, once it 
has identified the existence of a commercial transaction, to determine the nature of said 
commercial transaction by analysing the content of said outbound and inbound data, and said 
rules of said policy data define how said transaction data is to be stored in said data repository in 
dependence on the nature of the commercial transaction determined by said analyser, said 
transaction data being stored in said database according to said determination and said rules of 
said policy data. 

204. (Currently Amended) The system of claim 203 wherein said analyser is operable to 
determine the nature of the commercial transaction by identifying in said outbound data and said 
inbound data one or more indicators, said indicators being defined in said rules of said policy 
data, and being one or more of: the address of the network location to which said data that may 
be part of a commercial transaction is transmitted or from which it is received; part of the data
path to the network location to which said transaction data is transmitted or from which it is
received; account codes; reference numbers; credit card numbers; digital certificates and
pre-determined keywords.

205. (Currently Amended) The system of claim 178 wherein said analyser is operable to 
identify, once the existence of a commercial transaction has been identified, one or more 
indicators of the nature of said commercial transaction, said transaction data being stored in said 
data repository such that it is organised by said one or more indicators to form a record. 

206. (Currently Amended) The system of claim 205 wherein said rules of said policy data 
define said one or more indicators of the nature of a commercial transaction, said indicators 
being one or more of: the address of the location to which said transaction data is transmitted or 
from which it is received; part of the data path to the location to which said transaction data is 
transmitted or from which it is received; account codes, reference numbers, credit card numbers, 
digital certificates and pre-determined keywords. 

207. (Original) The system of claim 178 wherein said data repository is accessible by one 
or more of an accounts application, an order processing application or other transaction 
management application. 

208. (Original) The system of claim 178 wherein any data transmitted to said data 
repository is encrypted before it is transmitted to said data repository. 

209. (Original) The system of claim 178 wherein any data stored in said data repository is 
encrypted. 

210. (Original) The system of claim 178 wherein said analyser is located on each of said 
one or more workstations. 

211. (Original) The system of claim 178 wherein said application is a web browser. 

212. (Original) The system of claim 211 wherein said analyser is a plug-in module of said 
web browser. 

213. (Original) The system of claim 212 wherein said web browser is Microsoft's Internet 
Explorer and said analyser is a Browser Helper Object. 

214. (Original) The system of claim 178 wherein said application is an e-mail client. 

215. (Original) The system of claim 214 wherein said analyser is a plug-in module of said 
e-mail client. 

216. (Original) The system of claim 215 wherein said e-mail client is Microsoft's Outlook 
e-mail client and said analyser is a Microsoft Exchange client extension. 

217. (Original) The system of claim 178 wherein said network comprises a server, and 
said analyser is located at a point on said network intermediate said one or more work stations 
and said server, or said analyser is located at said server. 

218. (Original) The system of claim 178 wherein said computer network to which said 
one or more workstations are adapted for connection is a public computer network, and wherein 
said one or more workstations together form a private computer network. 

219. (Original) The system of claim 178 further comprising a supervisor workstation, said 
policy data being accessible by said supervisor workstation, such that a user of said supervisor 
workstation can edit said policy data. 

220. (Currently Amended) A method of managing information comprising the steps of: 
providing a plurality of client workstations adapted for connection to a computer 
network, each workstation having a memory; 

providing a data repository arranged to receive data from each of said client workstations; 

providing an application stored in said memory of each workstation for transmitting 
outbound data to said network and receiving inbound data from said network; 

providing policy data defining rules for the recording of data that may comprise part of a 
commercial transaction conducted between a client workstation and a third party across said 
computer network; and 

analysing, at least one of said outbound data and said inbound data to identify, with 
reference to said rules of said policy data, the existence of a commercial transaction occurring 
between a client workstation and a third party; and 

storing transaction data that is all or part of said outbound data or said inbound data 
related to an identified commercial transaction in said data repository. 

221. (Currently Amended) The method of claim 220 wherein in said analysing step the 
existence of a commercial transaction is identified by determining whether a secure link has been 
negotiated between said application and a remote site on said network, and by determining 
whether said outbound data or said inbound data is transmitted on that link. 

222. (Currently Amended) The method of claim 221 wherein said network is the Internet, and 
said rules of said policy data define the addresses of non-eCommerce web sites and/or non- 
eCommerce e-mail accounts, wherein said analysing step includes disregarding any commercial 
transactions that are identified between a client workstation and a non-eCommerce web site 
and/or e-mail account such that no transaction data related to a commercial transaction made to a 
non-eCommerce web site or a non-eCommerce e-mail account is stored in the data repository. 

223. (Currently Amended) The method of claim 220 wherein said analysing step includes 
identifying the existence of a commercial transaction by reference to said rules of said policy 
data, said rules of said policy data defining the addresses of known eCommerce locations. 

224. (Currently Amended) The method of claim 220 wherein said analysing step includes 
identifying credit card numbers, and the existence of a commercial transaction is identified by 
identifying credit card numbers in said outbound data or inbound data. 

225. (Currently Amended) The method of claim 220 wherein in said analysing step the 
existence of a commercial transaction is identified by reference to said rules of said policy data, 
said rules of said policy data defining one or more of pre-determined digital certificates, account 
codes, pre-determined keywords, pre-determined names and addresses and embedded codes. 

226. (Currently Amended) The method of claim 220 wherein said analysing step includes 
detecting an embedded code in said inbound data, said embedded code having been placed in 
said inbound data to identify it as transaction data. 

227. (Currently Amended) The method of claim 220 wherein in said analysing step, the 
existence of a commercial transaction is identified by identifying an electronic receipt in said 
outbound or inbound data. 

228. (Currently Amended) The method of claim 220 further comprising the step of recording 
a pre-determined number of subsequent transmissions of said outbound data or said inbound data 
following an identification of the existence of a commercial transaction in said analysing step, 
providing that the address or organisation to which the subsequent transmissions are sent, or 
from which they are received, is the same as the address or organisation to which the outbound 
data was sent or from which the inbound data was received and in which the existence of a 
commercial transaction was identified. 

229. (Currently Amended) The method of claim 228, wherein said analysing step includes 
detecting one or more indicators of the nature of the commercial transaction, and said rules of 
said policy data define the number of subsequent transmissions of said outbound data and said 
inbound data that are to be recorded in said data repository based on the identified nature of the 
commercial transaction. 

230. (Currently Amended) The method of claim 228 wherein said rules of said policy data 
define the number of subsequent transmissions of said outbound and said inbound data that are to 
be stored in said data repository in dependence on the indicator by which the existence of a 
commercial transaction was identified. 

231. (Currently Amended) The method of claim 220 further comprising the step of recording 
all subsequent transmissions of said outbound data or said inbound data that occur within a pre- 
determined amount of time following an identification of the existence of a commercial 
transaction in said analysing step, providing that the address or organisation to which the 
subsequent transmissions are sent, or from which they are received, is the same as the address or 
organisation to which the outbound data was sent or from which the inbound data was received 
and in which the existence of a commercial transaction was identified. 

232. (Currently Amended) The method of claim 231, wherein said analysing step includes 
detecting one or more indicators of the nature of the commercial transaction, and said rules of 
said policy data define the amount of time for which all subsequent transmissions of said 
outbound data and said inbound data are to be recorded in said data repository based on the 
identified nature of the commercial transaction. 

233. (Currently Amended) The method of claim 231 wherein said rules of said policy data 
define the amount of time for which subsequent transmissions of said outbound and said inbound 
data are to be stored in said data repository in dependence on the indicator by which the 
existence of a commercial transaction was identified. 

234. (Currently Amended) The method of claim 220 wherein said analysing step includes 
identifying the completion of a commercial transaction by analysing said outbound data or said 
inbound data, and said storing step includes storing all or part of said outbound data transmitted 
by said application and all or part of said inbound data received by said application, after the 
existence of a commercial transaction has been identified and before the completion of a 
commercial transaction has been identified, in said data repository. 

235. (Currently Amended) The method of claim 234 wherein said analysing step includes 
identifying subsequent related data contained in said outbound data transmitted by said 
application and said inbound data received by said application after the completion of a 
commercial transaction, and said storing step includes storing said subsequent related data in said 
data repository with said transaction data already identified. 

236. (Currently Amended) The method of claim 235 wherein said analysing step includes 
identifying said subsequent related data by identifying common indicators in both said 
transaction data already identified and said outbound data transmitted by said application and 
said inbound data received by said application after the completion of a commercial transaction 
has been identified, said common indicators being one or more of the address of the location to 
which said outbound data is transmitted or from which said inbound data is received, part of the 
data path to the location to which said outbound data is transmitted or from which said inbound 
data is received, account code or reference numbers. 

237. (Currently Amended) The method of claim 220 wherein said application is operable such 
that a user of said application can indicate said outbound and said inbound data that is related to 
a commercial transaction, said analysing step including identifying indicated outbound and 
inbound data. 

238. (Currently Amended) The method of claim 220 further comprising the step of storing all 
of said outbound data and said inbound data in said memory of said workstation as previous data, 
irrespective of whether it may or may not be part of a commercial transaction and, said analysing 
step includes retrieving a pre-determined amount of previous data from said outbound data and 
said inbound data stored in said memory of said workstation if the existence of a commercial 
transaction is identified, and said storing step includes storing said previous data in said data 
repository with said transaction data. 

239. (Currently Amended) The method of claim 238 wherein said rules of said policy data 
specify the amount of previous data that is to be retrieved in dependence on the indicator by 
which the existence of a commercial transaction is identified. 

240. (Original) The method of claim 238 wherein said network is the Internet and said 
application is a web browser, said web browser being operable to store each web page that is 
viewed by said web browser in memory as previous data. 

241. (Currently Amended) The method of claim 240 wherein said rules of said policy data 
specify the number of web pages that are to be retrieved from those previously stored in memory 
in dependence on the indicator by which the existence of a commercial transaction is identified. 

242. (Currently Amended) The method of claim 220 further comprising the step of storing all 
of said outbound data and said inbound data in memory as previous data, irrespective of whether 
it may or may not be part of a commercial transaction and, said analysing step includes 
identifying, in said previous data, earlier relevant data that is related to said transaction data 
already identified, and said storing step includes storing said earlier relevant commercial data in 
said data repository with said transaction data. 

243. (Original) The method of claim 242 wherein said analysing step includes identifying 
said earlier relevant data in said previous data, by identifying common indicators in both said 
transaction data and said previous data, said common indicators being one or more of the address 
of the location to which said outbound data is transmitted or from which said inbound data is 
received, part of the data path to the location to which said outbound data is transmitted or said 
inbound data is received, account code or reference number. 

244. (Currently Amended) The method of claim 220 further comprising the steps of storing all 
of said outbound data and said inbound data in memory as previous data, irrespective of whether 
it may or may not be part of a commercial transaction; and if the existence of a commercial 
transaction is identified, providing a user of said application with a selector for selecting earlier 
relevant data from said previous data, and wherein said storing step includes storing said earlier 
relevant data selected by the user in said data repository together with said transaction data. 

245. (Currently Amended) The method of claim 220 wherein said analysing step includes, 
once the existence of a commercial transaction has been identified, determining the nature of 
said commercial transaction by analysing the content of said outbound and inbound data, said 
rules of said policy data defining how said transaction data is to be stored in said data repository 
in dependence on the nature of the commercial transaction determined in said analysing step, 
said transaction data being stored in said database according to said determination and said rules 
of said policy data. 

246. (Currently Amended) The method of 245 wherein said analysing step includes 
determining the nature of the commercial transaction by identifying in said outbound data and 
said inbound data one or more indicators, said indicators being defined in said rules of said 
policy data, and being one or more of: the address of the network location to which said data that 
may be part of a commercial transaction is transmitted or from which it is received; part of the 
data path to the network location to which said transaction data is transmitted or from which it is 
received; account codes; reference numbers; credit card numbers; digital certificates and pre- 
determined keywords. 

247. (Currently Amended) The method of claim 220 wherein said analysing step includes 
identifying, once the existence of a commercial transaction has been identified, one or more 
indicators of the nature of said commercial transaction, and said storing step includes organising 
transaction data stored in said data repository by said one or more indicators such that it forms a 
record. 

248. (Currently Amended) The method of claim 247 wherein said rules of said policy data 
define said one or more indicators of the nature of a commercial transaction, said indicators 
being one or more of: the address of the location to which said transaction data is transmitted or 
from which it is received; part of the data path to the location to which said transaction data is 
transmitted or from which it is received; account codes, reference numbers, credit card numbers, 
digital certificates and pre-determined keywords. 

249. (Original) The method of claim 220 wherein said data repository is accessible by one 
or more of an accounts application, an order processing application or other transaction 
management application. 

250. (Original) The method of claim 220 further comprising the step of encrypting any 
relevant data identified in said analysing step before it is stored in said data repository. 

251. (Original) The method of claim 220 further comprising the step of encrypting the 
data stored in said data repository. 

252. (Original) The method of claim 220 wherein said analysing step is performed at said 
one or more workstations. 

253. (Original) The method of claim 220 wherein said application is a web browser. 

254. (Original) The method of claim 253 wherein said analysing step is performed by a 
plug-in module of said web browser. 

255. (Original) The method of claim 254 wherein said web browser is Microsoft's Internet 
Explorer and said plug-in module is a Browser Helper Object. 

256. (Original) The method of claim 220 wherein said application is an e-mail client. 

257. (Original) The method of claim 256 wherein said analysing step is performed by a 
plug-in module of said e-mail client. 

258. (Original) The method of claim 257 wherein said e-mail client is Microsoft's Outlook 
e-mail client and said plug-in module is a Microsoft Exchange client extension. 

259. (Original) The method of claim 220 wherein said network comprises a server, and 
said analysing step is performed at a point on said network intermediate said one or more work 
stations and said server, or said analysing step is performed at said server. 

260. (Original) The method of claim 220 wherein said computer network to which said 
one or more workstations are adapted for connection is a public computer network, and wherein 
said one or more workstations together form a private computer network. 

261. (Original) The method of claim 220 further comprising the step of providing a 
supervisor workstation, said policy data being accessible by said supervisor workstation, such 
that a user of said supervisor workstation can edit said policy data. 

262. (Withdrawn) A computer program product for controlling a plurality of computers in a 
private network to manage information, the network having a data repository arranged to receive 
data from the plurality of computers, and policy data defining rules for the recording of data that 
may comprise part of a transaction conducted between a computer in the private network and a 
third party across a public network, comprising: a recording medium readable by a computer, 
having program code recorded thereon which when executed on each of said plurality of 
computers configures said computers to: analyse, in conjunction with an application running on 
the computer that is operable to transmit outbound data to said public network and receive 
inbound data from said public network, at least one of said outbound data and said inbound data 
to identify, with reference to said rules of said policy data, the existence of a transaction 
occurring between the computer and a third party; and to control said computer to store 
transaction data that is all or part of said outbound data or said inbound data related to an 
identified transaction in said data repository. 

263. (Withdrawn) The computer program product of claim 262 wherein said program code 
when executed on said computer is operable to identify the existence of a transaction by 
determining whether a secure link has been negotiated between said application and a remote site 
on said public network, and whether the outbound data or said inbound data is transmitted on 
that link. 

264. (Withdrawn) The computer program product of claim 263 wherein said public network 
is the Internet, and said rules of said policy data define the addresses of non-eCommerce web 
sites and/or non-eCommerce e-mail accounts, wherein said program code when executed on said 
computer is operable to disregard any transactions that are identified between the computer and a 
non-eCommerce web site and/or e-mail account such that no transaction data related to a 
transaction made to a non-eCommerce web sites or a non-eCommerce e-mail account is stored in 
the data repository. 

265. (Withdrawn) The computer program product of claim 262 wherein said program code 
when executed on said computer is operable to identify the existence of a transaction by 
reference to said rules of said policy data, said rules of said policy data defining the addresses of 
known eCommerce locations. 

266. (Withdrawn) The computer program product of claim 262 wherein said program code 
when executed on said computer is operable to identify credit card numbers, and the existence of 
a transaction is identified by identifying credit card numbers in said outbound data or inbound 
data. 

267. (Withdrawn) The computer program product of claim 262 wherein said program code 
when executed on said computer is operable to identify the existence of a transaction by 
reference to said rules of said policy data, said rules of said policy data defining one or more of 
pre-determined digital certificates, account codes, pre-determined keywords, pre-determined 
names and addresses and embedded codes. 

268. (Withdrawn) The computer program product of claim 262 wherein said program code 
when executed on said computer is operable to identify in said inbound data an embedded code, 
said embedded code having been placed in said inbound data to identify it as transaction data. 

269. (Withdrawn) The computer program product of claim 262 wherein said program code 
when executed on said computer is operable to identify the existence of a transaction by 
identifying an electronic receipt in said outbound or inbound data. 

270. (Withdrawn) The computer program product of claim 262 wherein said program code 
when executed on said computer is further operable to control the computer to record a pre- 
determined number of subsequent transmissions of said outbound data or said inbound data 
following an identification of the existence of a transaction, providing that the address or 
organisation to which the subsequent transmissions are transmitted, or from which they are 
received, is the same as the address or organisation to which the outbound data was sent or from 
which the inbound data was received and in which the existence of a transaction was identified. 

271. (Withdrawn) The computer program product of claim 270, wherein said program code 
when executed on said computer is operable to detect one or more indicators of the nature of the 
transaction, and said rules of said policy data define the number of subsequent transmissions of 
said outbound data and said inbound data that are to be recorded in the data repository based on 
the identified nature of the transaction. 

272. (Withdrawn) The computer program product of claim 270 wherein said rules of said 
policy data define the number of subsequent transmissions of said outbound and said inbound 
data that are to be stored in said data repository in dependence on the indicator by which the 
existence of a transaction was identified. 

273. (Withdrawn) The computer program product of claim 262 wherein said program code 
when executed on said computer is operable to control the computer to record all subsequent 
transmissions of said outbound data or said inbound data that occur within a pre-determined 
amount of time following an identification of the existence of a transaction, providing that the 
address or organisation to which the subsequent transmissions are transmitted, or from which 
they are received, is the same as the address or organisation to which the outbound data was 
transmitted or from which the inbound data was received and in which the existence of a 
transaction was identified. 

274. (Withdrawn) The computer program product of claim 273 wherein said program code 
when executed on said computer is operable to detect one or more indicators of the nature of the 
transaction, and said rules of said policy data define the amount of time for which all subsequent 
transmissions of said outbound data and said inbound data are to be recorded in said data 
repository based on the identified nature of the transaction. 

275. (Withdrawn) The computer program product of claim 273 wherein said rules of said 
policy data define the amount of time for which subsequent transmissions of said outbound and 
said inbound data are to be stored in said data repository in dependence on the indicator by 
which the existence of a transaction was identified. 

276. (Withdrawn) The computer program product of claim 262 wherein said program code 
when executed on said computer is operable to identify the completion of a transaction, and 
control the computer to store all or part of said outbound data transmitted by said application and 
all or part of said inbound data received by said application after the existence of a transaction 
has been identified and before the completion of a transaction has been in identified in said data 
repository. 

277. (Withdrawn) The computer program product of claim 276 wherein said program code 
when executed on said computer is operable to identify subsequent related data contained in said 
outbound data transmitted by said application and said inbound data received by said application 
after the completion of a transaction, and control the computer to store said subsequent related 
data in the data repository with said transaction data already identified. 

278. (Withdrawn) The computer program product of claim 277 wherein said program code 
when executed on said computer is operable to identify said subsequent related data by 
identifying common indicators in both said transaction data already identified and said outbound 
data transmitted by said application and said inbound data received by said application after the 
completion of a transaction has been identified, said common indicators being one or more of the 
address of the location to which said outbound data is transmitted or from which said inbound 
data is received, part of the data path to the location to which said outbound data is transmitted or 
from which said inbound data is received, account code or reference numbers. 

279. (Withdrawn) The computer program product of claim 262 wherein said application is 
operable such that a user of said application can indicate said outbound and said inbound data 
that is related to a transaction, said program code when executed on said computer being 
operable to identify said outbound and said inbound data so indicated. 

280. (Withdrawn) The computer program product of claim 262 wherein said program code 
when executed on said computer is operable to control the computer to store all of said outbound 
data and said inbound data in memory as previous data, irrespective of whether it may or may 
not be part of a transaction and, to retrieve a pre-determined amount of previous data from said 
outbound data and said inbound data stored in memory if the existence of a transaction is 
identified, and to control the computer to store said previous data in the data repository with said 
transaction data. 

281. (Withdrawn) The computer program product of claim 280 wherein said rules of said 
policy data specify the amount of previous data that is to be retrieved in dependence on the 
indicator by which the existence of a transaction is identified. 

282. (Withdrawn) The computer program product of claim 280 wherein said public network 
is the Internet and said application is a web browser, said web browser being operable to store 
each web page that is viewed by said web browser in memory as previous data. 

283. (Withdrawn) The computer program product of claim 282 wherein said rules of said 
policy data specify the number of web pages that are to be retrieved from those previously stored 
in memory in dependence on the indicator by which the existence of a transaction is identified. 

284. (Withdrawn) The computer program product of claim 262 wherein said program code 
when executed on said computer is further operable to control the computer to store all of said 
outbound data and said inbound data in memory as previous data, irrespective of whether it may 
or may not be part of a transaction and, to identify, in said previous data, earlier relevant data 
that is related to said transaction data already identified, and control the computer to store the 
earlier relevant data in the data repository with said transaction data. 

285. (Withdrawn) The computer program product of claim 284 wherein said program code 
when executed on said computer is further operable to identify said earlier relevant data in said 
previous data, by identifying common indicators in both said transaction data and said previous 
data, said common indicators being one or more of the address of the location to which said 
outbound data is transmitted or from which said inbound data is received, part of the data path to 
the location to which said outbound data is transmitted or said inbound data is received, account 
codes or reference numbers. 

286. (Withdrawn) The computer program product of claim 262 wherein said program code 
when executed on said computer is further operable to control the computer to store all of said 
outbound data and said inbound data in memory as previous data, irrespective of whether it may 
or may not be part of a transaction; and wherein said computer program product further 
comprises a selector, recorded on said recording medium, said selector being operable to select 
earlier relevant data from said previous data in response to input from a user, and wherein said 
program code when executed on said computer is further operable to control the computer to 
store said earlier relevant data selected by the user in said data repository together with said 
transaction data. 

287. (Withdrawn) The computer program product of claim 262 wherein said program code 
when executed on said computer is operable, once the existence of a transaction has been 
identified, to determine the nature of said transaction by analysing the content of said outbound 
and inbound data, said rules of said policy data defining how said transaction data is to be stored 
in said data repository in dependence on the nature of the transaction that has been determined, 
said transaction data being stored in said database according to said determination and said rules 
of said policy data. 

288. (Withdrawn) The computer program product of claim 287 wherein said program code 
when executed on said computer is further operable to determine the nature of the transaction by 
identifying in said outbound data and said inbound data one or more indicators, said indicators 
being defined in said rules of said policy data, and being one or more of: the address of the 
public network location to which said data that may be part of a transaction is transmitted or 
from which it is received; part of the data path to the public network location to which said 
transaction data is transmitted or from which it is received; account codes; reference numbers; 
credit card numbers; digital certificates and pre-determined keywords. 

289. (Withdrawn) The computer program product of claim 262 wherein said program code 
when executed on said computer is further operable, once the existence of a transaction has been 
identified, to identify one or more indicators of the nature of said transaction, and to control the 
computer to organise the storage of said transaction data by said one or more indicators such that 
it forms a record. 

290. (Withdrawn) The computer program product of claim 289 wherein said rules of said 
policy data define said one or more indicators of the nature of a transaction, said indicators being 
one or more of: the address of the public location to which said transaction data is transmitted or 
from which it is received; part of the data path to the public location to which said transaction 
data is transmitted or from which it is received; account codes, reference numbers, credit card 
numbers, digital certificates and pre-determined keywords. 

291. (Withdrawn) The computer program product of claim 262 wherein the data repository is 
accessible by one or more of an accounts application, an order processing application or other 
transaction management application. 

292. (Withdrawn) The computer program product of claim 262 wherein said program code 
when executed on said computer is further operable to cause any identified relevant data to be 
encrypted before it is stored in said data repository. 

293. (Withdrawn) The computer program product of claim 262 wherein said program code 
when executed on said computer is further operable to cause any relevant data stored in the data 
repository to be encrypted. 

294. (Withdrawn) The computer program product of claim 262 wherein said program code is 
executable at each of said computers. 

295. (Withdrawn) The computer program product of claim 262 wherein said application is a 
web browser. 

296. (Withdrawn) The computer program product of claim 295 wherein said program code 
when executed on said computer is a plug-in module of said web browser. 

297. (Withdrawn) The computer program product of claim 296 wherein said web browser is 
Microsoft's Internet Explorer and said plug-in module is a Browser Helper Object. 

298. (Withdrawn) The computer program product of claim 262 wherein said application is an 
e-mail client. 

299. (Withdrawn) The computer program product of claim 298 wherein said program code 
when executed on said computer is a plug-in module of said e-mail client. 

300. (Withdrawn) The computer program product of claim 299 wherein said e-mail client is 
Microsoft's Outlook e-mail client and said plug-in module is a Microsoft Exchange client 
extension.

301. (Withdrawn) Computer program product of claim 262 wherein said network includes a
server and said program code is executable at a point on said network intermediate said one or 
more workstations and said server, or said program code is executable at said server. 

302. (Withdrawn) The computer program product of claim 262 further comprising program 
code recorded on the recording medium which when executed on a computer in the plurality of 
computers enable that computer as a supervisor workstation, said supervisor workstation having 
access to said data repository and being operable to view said relevant data stored in said data 
repository. 

303. (Withdrawn) The computer program product of claim 302 wherein said policy data is 
accessible by said supervisor workstation, such that a user of said supervisor workstation can edit 
said policy data. 

304. (Currently Amended) An information management system comprising: 

one or more workstations adapted for connection to a computer network, each 
workstation having a memory; 

an application stored in said memory of each workstation for transmitting outbound data 
to said network and receiving inbound data from said network; 

policy data, containing rules for the transmission of identifying in outbound data 
transaction data that is that may be part of a commercial transaction, and rules for the
transmission of transaction data so identified; and

an analyser, said analyser being operable in conjunction with said policy data to identify 
in at least said outbound data, transaction data that may be part of a transaction, and to make a 
determination in accordance with said rules of said policy data as to whether the transmission of 
said transaction data would satisfy said rules; and wherein the transmission of said transaction 
data by said application is dependent on said determination made by said analyser. 

305. (Original) The system of claim 304, wherein according to said determination made 
by said analyser, said transaction data is either, transmitted, not transmitted, or sent to an 
approver who determines whether or not to transmit the transaction data.

306. (Original) The system of claim 305 further comprising: one or more approvers, for
deciding whether the transmission of said data that may be part of a transaction may be made; 
wherein said analyser is operable to identify in said data that may be part of a transaction, data 
that needs approval and to refer said data that needs approval to one of said one or more 
approvers; and the transmission of said data that needs approval being dependent on the decision 
of said one or more approver. 

307. (Original) The system of claim 306 wherein said analyser is operable to identify said 
transaction data that needs approval by determining the nature of said transaction data and by 
checking said rules of said policy data, said rules of said policy data defining whether or not 
approval is needed in dependence on the determined nature of said transaction data. 

308. (Original) The system of claim 306 wherein said analyser is operable to determine 
the nature of said transaction data by identifying at least one of the identity of the transmitter of 
said data, the identity of the intended recipient of said data, the workstation from which said data 
is to be transmitted, the sum for which a transaction is to be made, and the account against which 
a transaction is to be made. 

309. (Original) The system of claim 306 wherein said analyser is operable to determine 
the nature of said transaction data that needs approval and to select said one of said one or more 
approvers in dependence on that determination. 

310. (Original) The system of claim 309 wherein said analyser is operable to determine 
the nature of said transaction data that needs approval by identifying at least one of the identity 
of the transmitter of said data, the identity of the intended recipient of said data, the work station 
from which said data is to be transmitted, the sum for which a transaction is to be made, and the 
account against which the transaction is to be made. 

311. (Original) The system of claim 304 wherein said analyser is operable to determine 
whether a secure link has been negotiated between said application and a remote site on said 
network, and to identify said outbound data or said inbound data as transaction data, if it is 
transmitted on a secure link.

312. (Original) The system of claim 311 wherein said network is the Internet, and said
rules of said policy data define the addresses of web sites or e-mail accounts that negotiate secure 
links for the transmission of data but which are known not to be eCommerce sites or accounts, 
said analyser being operable to disregard said outbound data transmitted to those web sites or 
accounts or said inbound data received from those web sites or accounts, such that no approval is 
required. 

313. (Original) The system of claim 304 wherein said analyser is operable to identify 
transaction data by reference to said rules of said policy data, said rules of said policy data 
defining the addresses of known eCommerce web sites and e-mail accounts. 

314. (Original) The system of claim 304 wherein said analyser is operable to identify
credit card numbers in said outbound data or said inbound data, and to identify outbound data or 
inbound data that contains a credit card number as transaction data. 

315. (Original) The system of claim 314 wherein said policy data specifies pre-determined
credit card numbers that can never be transmitted. 

316. (Original) The system of claim 304 wherein said analyser is operable to identify 
transaction data by reference to said rules of said policy data, said rules of said policy data 
defining one or more of pre-determined digital certificates, account codes, pre-determined 
keywords, pre-determined names and addresses and embedded codes. 

317. (Original) The system of claim 304 wherein said analyser is operable to identify 
embedded codes in said inbound data, said embedded codes having been placed in said inbound 
data to mark said inbound data as transaction data. 

318. (Original) The system of claim 304 wherein said application is operable such that a 
user of said application can indicate said outbound and said inbound data that is part of a 
transaction, said analyser being operable to identify said outbound and said inbound data so 
indicated. 

319. (Original) The system of claim 304 wherein said analyser is located on each of said 
one or more workstations.

320. (Original) The system of claim 304 wherein said application is a web browser.

321. (Original) The system of claim 320 wherein said analyser is a plug-in module of said 
web browser. 

322. (Original) The system of claim 321 wherein said web browser is Microsoft's Internet 
Explorer and said analyser is a Browser Helper Object. 

323. (Original) The system of claim 304 wherein said application is an e-mail client. 

324. (Original) The system of claim 323 wherein said analyser is a plug-in module of said 
e-mail client. 

325. (Original) The system of claim 324 wherein said e-mail client is Microsoft's Outlook 
e-mail client and said analyser is a Microsoft Exchange client extension. 

326. (Original) The system of claim 304 wherein said network comprises a server and said 
analyser is located at a point on said network intermediate said one or more workstations and 
said server, or said analyser is located at said server. 

327. (Original) The system of claim 304 wherein said computer network to which said 
one or more workstations are adapted for connection is a public computer network, and wherein 
said one or more workstations together form a private computer network. 

328. (Original) The system of claim 304 further comprising a supervisor workstation, said 
policy data being accessible by said supervisor workstation, such that a user of said supervisor 
workstation can edit said policy data. 

329. (Currently Amended) A method for managing information comprising the steps of: 
providing one or more workstations adapted for connection to a computer network, each 

workstation having a memory; 

providing an application stored in said memory of each workstation for transmitting 
outbound data to said network and receiving inbound data from said network; 

providing policy data, containing rules for identifying in the transmission of outbound 
data transaction data that is that may be part of a commercial transaction, and rules for the
transmission of transaction data so identified; and

analysing at least said outbound data to identify, with reference to said rule of said policy
data, transaction data that may be part of a transaction; 

determining, in accordance with said rules of said policy data, whether the transmission 
of said transaction data would satisfy said rules; 

controlling transmission of said transaction data by said application in dependence on the 
determination made in said determining step. 

330. (Original) The method of claim 329, wherein said controlling step includes said 
transaction data being either, transmitted, not transmitted, or sent to an approver who determines 
whether or not to transmit the transaction data. 

331. (Original) The method of claim 330 further comprising the steps of: identifying in 
said data that may be part of a transaction, data that needs approval; referring said data that need 
approval to one or more approvers for approval; and monitoring whether or not approval is
received from said one or more approvers; and wherein in said controlling step, the transmission 
of said transaction data depends on whether or not approval is received from said one or more 
approvers. 

332. (Original) The method of claim 331 wherein said analysing step includes identifying
said transaction data that needs approval by determining the nature of said transaction data and 
checking said rules of said policy data, said rules of said policy data defining whether or not 
approval is needed in dependence on the determined nature of said transaction data. 

333. (Original) The method of claim 331 wherein said analysing step includes
determining the nature of said transaction data by identifying at least one of the identity of the 
transmitter of said data, the identity of the intended recipient of said data, the workstation from 
which said data is to be transmitted, the sum for which a transaction is to be made, and the 
account from which a transaction is to be made. 

334. (Original) The method of claim 331 wherein said analysing step includes
determining the nature of said transaction data that needs approval and selecting said one of said 
one or more approvers in dependence on that determination.

335. (Original) The method of claim 334 wherein said analysing step includes
determining the nature of said transaction data that needs approval by identifying at least one of 
the identity of the transmitter of said data, the identity of the intended recipient of said data, the 
work station from which said data is to be transmitted, the sum for which a transaction is to be 
made, and the account from which the transaction is to be made. 

336. (Original) The method of claim 329 wherein said analysing step includes 
determining whether a secure link has been negotiated between said application and a remote site 
on said network, and identifying said outbound data or said inbound data as transaction data, if it 
is transmitted on a secure link. 

337. (Original) The method of claim 336 wherein said network is the Internet, and said 
rules of said policy data define the addresses of web sites or e-mail accounts that negotiate secure 
links for the transmission of data but which are known not to be eCommerce sites or accounts, 
and said analysing step includes disregarding said outbound data transmitted to those web sites 
or accounts or said inbound data received from those web sites or accounts, such that no 
approval is required. 

338. (Original) The method of claim 329 wherein said analysing step includes identifying 
transaction data by reference to said rules of said policy data, said rules of said policy data 
defining the addresses of known eCommerce web sites and e-mail accounts. 

339. (Original) The method of claim 329 wherein said analysing step includes identifying 
credit card numbers in said outbound data or said inbound data, and identifying outbound data or 
inbound data that contains a credit card number as transaction data. 

340. (Original) The method of claim 339 wherein said policy data specifies pre-determined
credit card numbers that can never be transmitted.

341. (Original) The method of claim 329 wherein said analysing step includes identifying 
transaction data by reference to said rules of said policy data, said rules of said policy data 
defining one or more of pre-determined digital certificates, account codes, pre-determined 
keywords, pre-determined names and addresses and embedded codes.

342. (Original) The method of claim 329 wherein said analysing step includes detecting
an embedded code in said inbound data, said embedded code having been placed in said inbound 
data to mark said inbound data as transaction data. 

343. (Original) The method of claim 329 further comprising the step of providing a user 
of said application with a selector to indicate said outbound and said inbound data that is part of 
a transaction, said analysing step including identifying selected outbound and inbound data. 

344. (Original) The method of claim 329 wherein said analysing step is performed at said 
one or more workstations. 

345. (Original) The method of claim 329 wherein said application is a web browser. 

346. (Original) The method of claim 345 wherein said analysing step is a plug-in module 
of said web browser. 

347. (Original) The method of claim 346 wherein said web browser is Microsoft's Internet 
Explorer and said plug-in module is a Browser Helper Object.

348. (Original) The method of claim 329 wherein said application is an e-mail client. 

349. (Original) The method of claim 348 wherein said analysing step is performed by a 
plug-in module of said e-mail client. 

350. (Original) The method of claim 349 wherein said e-mail client is Microsoft's Outlook 
e-mail client and said analyser is a Microsoft Exchange client extension. 

351. (Original) The method of claim 329 wherein said network comprises a server and
said analyser is located at a point on said network intermediate said one or more workstations 
and said server, or said analyser is located at said server. 

352. (Original) The method of claim 329 wherein said computer network to which said 
one or more workstations are adapted for connection is a public computer network, and wherein 
said one or more workstations together form a private computer network. 



U.S. Patent Application No. 09/923,704 
Reply to Office Action Dated January 6, 2005 

353. (Original) The method of claim 329 further comprising the step of providing a 
supervisor workstation, said policy data being accessible by said supervisor workstation, such 
that a user of said supervisor workstation can edit said policy data. 

354. (Withdrawn) A computer program product, for controlling a computer to manage 
information, said computer being connected to a public network and having access to policy data 
containing rules for the transmission to the public network of outbound data that may be part of a 
transaction, comprising: a recording medium readable by the computer, having program code 
recorded thereon which when executed on said computer configures the computer to: analyse, in 
conjunction with an application running on the computer that is operable to transmit outbound 
data to the public network and receive inbound data from the public network, at least said 
outbound data to identify, with reference to said rules of said policy data, transaction data that 
may be part of a transaction to determine, in accordance with said rules of said policy data, 
whether the transmission of said transaction data would satisfy said rules; and to control the 
computer to control the transmission of said transaction data by said application in dependence 
on the determination made by said analyser. 

355. (Withdrawn) The computer program product of claim 354 wherein said program code 
when executed on said computer is operable to control the computer such that said transaction 
data is either, transmitted, not transmitted, or sent to an approver who determines whether or not 
to transmit the transaction data. 

356. (Withdrawn) The computer program product of claim 355 wherein the program code 
when executed on said computer is further operable to identify in said data that may be part of a 
transaction, data that needs approval; refer said data that needs approval to one or more 
approvers for approval, and monitor whether or not approval is received from said one or more 
approvers; and wherein the transmission of said transaction data by said application depends on 
whether or not approval is received from said one or more approvers; 

357. (Withdrawn) The computer program product of claim 356 wherein said program code 
when executed on said computer is further operable to identify said transaction data that needs 
approval by determining the nature of said transaction data and checking said rules of said policy 
data, said rules of said policy data defining whether or not approval is needed in dependence on
the determined nature of said transaction data. 

358. (Withdrawn) The computer program product of claim 356 wherein said program code 
when executed on said computer is further operable to determine the nature of said transaction 
data by identifying at least one of the identity of the transmitter of said data, the identity of the 
intended recipient of said data, the computer in the private network from which said data is to be 
transmitted, the sum for which a transaction is to be made, and the account from which a 
transaction is to be made. 

359. (Withdrawn) The computer program product of claim 356 wherein said program code 
when executed on said computer is further operable to determine the nature of said transaction 
data that needs approval and select said one of said one or more approvers in dependence on that 
determination. 

360. (Withdrawn) The computer program product of claim 359 wherein said program code 
when executed on said computer is operable to determine the nature of said transaction data that 
needs approval by identifying at least one of the identity of the transmitter of said data, the 
identity of the intended recipient of said data, the computer in the private network from which 
said data is to be transmitted, the sum for which a transaction is to be made, and the account 
from which the transaction is to be made. 

361. (Withdrawn) The computer program product of claim 354 wherein said program code
when executed on said computer is operable to determine whether a secure link has been 
negotiated between said application and a remote site on said public network, and to identify said 
outbound data or said inbound data as transaction data, if it is transmitted on a secure link. 

362. (Withdrawn) The computer program product of claim 361 wherein said public network 
is the Internet, and said rules of said policy data define the addresses of web sites or e-mail 
accounts that negotiate secure links for the transmission of data but which are known not to be 
eCommerce sites or accounts, and said program code when executed on said computer is 
operable to disregard said outbound data transmitted to those web sites or accounts or said 
inbound data received from those web sites or accounts, such that no approval is required.

363. (Withdrawn) The computer program product of claim 354 wherein said program code
when executed on said computer is operable to identify transaction data by reference to said rules 
of said policy data, said rules of said policy data defining the addresses of known eCommerce 
web sites and the e-mail accounts. 

364. (Withdrawn) The computer program product of claim 354 wherein said program code 
when executed on said computer is operable to identify credit card numbers in said outbound 
data or said inbound data, and to identify outbound data or inbound data that contains a credit 
card number as transaction data. 

365. (Withdrawn) The computer program product of claim 364 wherein said policy data 
specifies pre-determined credit card numbers that can never be transmitted. 

366. (Withdrawn) The computer program product of claim 354 wherein said program code 
when executed on said computer is operable to identify transaction data by reference to said rules 
of said policy data, said rules of said policy data defining one or more of pre-determined digital 
certificates, account codes, pre-determined keywords, pre-determined names and addresses and 
embedded codes. 

367. (Withdrawn) The computer program product of claim 354 wherein said program code 
when executed on said computer is operable to detect an embedded code in said inbound data, 
said embedded code having been placed in said inbound data to mark said inbound data as 
transaction data. 

368. (Withdrawn) The computer program product of claim 354 further comprising, a 
selector, recorded on said recording medium, said selector being operable to select data in said 
outbound and said inbound data that is part of a transaction in response to input from a user, said 
program code when executed on said computer being operable to identify said outbound and said 
inbound data so selected. 

369. (Withdrawn) The computer program product of claim 354 wherein said program code is 
executable at said computer. 

370. (Withdrawn) The computer program product of claim 354 wherein said application is a 
web browser.

371. (Withdrawn) The computer program product of claim 370 wherein said program code
when executed on said computer is a plug-in module of said web browser. 

372. (Withdrawn) The computer program product of claim 371 wherein said web browser is 
Microsoft's Internet Explorer and said plug-in module is a Browser Helper Object. 

373. (Withdrawn) The computer program product of claim 354 wherein said application is an 
e-mail client. 

374. (Withdrawn) The computer program product of claim 373 wherein said program code 
when executed on said computer is a plug-in module of said e-mail client. 

375. (Withdrawn) The computer program product of claim 374 wherein said e-mail client is 
Microsoft's Outlook e-mail client and said plug-in module is a Microsoft Exchange client 
extension. 

376. (Withdrawn) The computer program product of claim 354 wherein said public network 
includes a server and said program code is executable at a point on said network intermediate 
said computer and said server, or said program code is executable at said server. 

377. (Original) An information management system comprising: 

one or more workstations adapted for connection to a computer network, each 
workstation having a memory; 

an application stored in said memory of each workstation for receiving at least inbound 
data from said network; 

an analyser, said analyser being operable in conjunction with said application to monitor 
said inbound data and to identify in at least said inbound data, signed data that has been digitally 
signed with a digital certificate, to extract one or more details of said signed data and to 
determine whether or not verification is required for said digital certificate; 

policy data, accessible by said analyser, containing rules which define whether or not 
verification is required for said digital certificate; and wherein said analyser determines whether 
or not verification is required for said digital certificate in dependence on said rules of said 
policy data and in dependence on said one or more details of said signed data extracted by said 
analyser.

378. (Original) The system of claim 377 wherein said verification for said digital
certificate includes determining whether said digital certificate has been revoked. 

379. (Original) The system of claim 378 wherein said analyser is further operable to 
determine whether said signed data is part of an eCommerce transaction, and if it is, to determine 
the amount of money that is promised in that eCommerce transaction, wherein said verification 
for the digital certificate also includes determining whether said digital certificate can be taken as 
a guarantee of receiving the amount of money promised in said eCommerce transaction. 

380. (Original) The system of claim 377 wherein said analyser is operable to extract as 
one or more details of said signed data, one or more of said digital certificate holder's identity, 
the expiry date of said digital certificate, the issue number of said digital certificate, and the 
domain name from which the signed data was received, and wherein said rules of said policy file 
define whether or not verification for said digital certificate is required in dependence on the one 
or more details extracted by said analyser. 

381. (Original) The system of claim 377 wherein said analyser is operable to determine 
whether or not an eCommerce transaction is occurring, and to extract, as one or more details of 
said signed data, the amount of any transaction being made with said digital certificate, the 
account code from which any payment is being made, a credit card number, one or more 
indicators of the nature of the transaction, and wherein said rules of said policy file define 
whether or not verification is required for a digital certificate in dependence on the one or more 
details extracted by said analyser. 

382. (Original) The system of claim 381 further comprising a data repository in which, 
digital certificates used to digitally sign any previously received signed data or sufficient 
descriptive data to identify any such digital certificates, and transaction data describing any 
previous transactions made with those digital certificates are stored, said transaction data being at 
least one or more of the date of any previous transactions made with a digital certificate, and the 
amount of any previous transaction made with that digital certificate, and wherein said rules of 
said policy file define whether or not verification for said digital certificate is required in 
dependence on said transaction data.

383. (Original) The system of claim 377 further comprising a data repository, accessible
by said analyser, wherein said analyser is operable to identify any digital certificates that are 
used to digitally sign signed data in at least said inbound data, and to cause any such digital 
certificates, or sufficient descriptive data to identify such digital certificates to be stored in said 
data repository. 

384. (Original) The system of claim 383 wherein said analyser is operable, to record the 
results of any verification for a digital certificate in said data repository together with said
digital certificate or together with said descriptive data. 

385. (Original) The system of claim 384 wherein said analyser is operable, if it identifies a 
digital certificate in said inbound data, to determine whether said digital certificate has been 
previously stored in said data repository, or whether said descriptive information identifying said 
digital certificate has been stored in said data repository, and if said digital certificate has been 
previously stored, to look-up the results of any previous verification of whether said digital 
certificate has been revoked, wherein said analyser determines whether or not to verify if said 
digital certificate has been revoked in dependence on said results of any previous verification of 
whether said identified digital certificate has been revoked. 

386. (Original) The system of claim 377 wherein said analyser is further operable to 
verify whether or not a digital certificate has been revoked, and wherein said application is 
operable to prevent said inbound data being viewed by a user of said application if said analyser 
determines that said digital certificate has been revoked. 

387. (Original) The system of claim 377 wherein said analyser is further operable to 
verify whether or not a digital certificate has been revoked, and said application is operable to 
notify a user of said application that said inbound data is not to be relied upon if said analyser 
determines that said digital certificate has been revoked. 

388. (Original) The system of claim 377 wherein said analyser is located on each of said 
one or more workstations. 

389. (Original) The system of claim 377 wherein said application is a web browser.

390. (Original) The system of claim 389 wherein said analyser is a plug-in module of said
web browser. 

391. (Original) The system of claim 390 wherein said web browser is Microsoft's Internet 
Explorer and said analyser is a Browser Helper Object. 

392. (Original) The system of claim 377 wherein said application is an e-mail client. 

393. (Original) The system of claim 392 wherein said analyser is a plug-in module of said 
e-mail client. 

394. (Original) The system of claim 393 wherein said e-mail client is Microsoft's Outlook 
e-mail client and said analyser is a Microsoft client extension. 

395. (Original) The system of claim 377 wherein said network comprises a server, and said
analyser is located at a point on said network intermediate said one or more workstations and 
said server, or said analyser is located at said server. 

396. (Original) The system of claim 377 wherein said computer network to which said 
one or more workstations are adapted for connection is a public computer network, and wherein 
said one or more workstations together form a private computer network. 

397. (Original) The system of claim 377 further comprising a supervisor workstation, said 
policy data being accessible by said supervisor workstation, such that a user of said supervisor 
workstation can edit said policy data. 

398. (Original) A method of managing information comprising the steps of:

providing one or more workstations adapted for connection to a computer network, each
workstation having a memory;

providing an application stored in said memory of each workstation for receiving at least 
inbound data from said network; 

providing policy data, containing rules which define whether or not verification is 
required for a digital certificate used to digitally sign signed data received in said inbound data;

identifying in at least said inbound data, signed data that has been digitally signed with a 
digital certificate; 

extracting one or more details of said signed data; and

determining whether or not verification is required for said digital certificate in 
dependence on said rules of said policy data and in dependence on said one or more details of 
said signed data extracted in said extracting step. 

399. (Original) The method of claim 398 wherein said verification for the digital 
certificate includes determining whether the digital certificate has been revoked. 

400. (Original) The method of claim 399 further comprising the step of determining 
whether said signed data is part of an eCommerce transaction, and if it is, determining the 
amount of money that is promised in that eCommerce transaction, wherein said verification for 
the digital certificate also includes determining whether said digital certificate can be taken as a 
guarantee of receiving the amount of money promised in said eCommerce transaction. 

401. (Original) The method of claim 398 wherein said one or more details of said signed 
data extracted in said extracting step, include one or more of said digital certificate holder's 
identity, the expiry date of said digital certificate, the issue number of said digital certificate, and 
the domain name from which the signed data was received, and wherein said rules of said policy 
file define whether or not verification for said digital certificate is required in dependence on the 
one or more details. 

402. (Original) The method of claim 398 further comprising the step of determining 
whether or not an eCommerce transaction is occurring, and if it is, extracting in said extracting 
step, as one or more details of said inbound data, the amount of any transaction being made with 
said digital certificate, the account code from which any payment is being made, a credit card 
number, one or more indicators of the nature of the transaction, and wherein said rules of said 
policy file define whether or not verification is required for a digital certificate in dependence on 
said one or more details. 

403. (Original) The method of claim 402 further comprising the step of providing a data 
repository in which digital certificates used to digitally sign any previously received signed data 
or sufficient descriptive data to identify any such digital certificates, and transaction data 
describing any previous transactions made with those digital certificates are stored; said 
transaction data being at least one or more of the date of any transactions made with a digital
certificate, and the amount of any transaction made with that digital certificate, and wherein said 
rules of said policy file define whether or not verification for said digital certificate is required in 
dependence on said transaction data. 

404. (Original) The method of claim 398 further comprising the steps of identifying 
digital certificates used to sign signed data in said inbound data or digital certificates transmitted 
in said inbound data and storing said digital certificates or sufficient descriptive data to identify 
said digital certificates in said data repository. 

405. (Original) The method of claim 404 further comprising the steps of recording the 
results of any verification for a digital certificate in said data repository together with said
digital certificate. 

406. (Original) The method of claim 405 further comprising the step of determining 
whether said digital certificate has been previously stored in said data repository, and if it has 
been previously stored, to look-up the results of any previous verification for said digital 
certificate, wherein said step of determining whether or not verification is required for said 
digital certificate is dependent on said results of any previous verification for said digital 
certificate. 

407. (Original) The method of claim 398 further comprising the steps of determining 
whether or not a digital certificate has been revoked, and preventing said inbound data being 
viewed by a user of said application if said identified digital certificate has been revoked. 

408. The method of claim 398 further comprising the steps of determining whether or not a 
digital certificate has been revoked, and notifying a user of said application that said inbound 
data is not to be relied upon if said digital certificate has been revoked. 

409. (Original) The method of claim 398 wherein said steps of identifying a digital 
certificate, extracting one or more details from said signed data and determining whether or not 
verification is required are performed at said one or more workstations. 

410. (Original) The method of claim 398 wherein said application is a web browser. 

411. (Original) The method of claim 410 wherein said steps of identifying a digital
certificate, extracting one or more details from said signed data and determining whether or not 
verification is required are performed by a plug-in module of said web browser. 

412. (Original) The method of claim 411 wherein said web browser is Microsoft's Internet 
Explorer and said plug-in module is a Browser Helper Object. 

413. (Original) The method of claim 398 wherein said application is an e-mail client. 

414. (Original) The method of claim 413 wherein said steps of identifying a digital 
certificate, extracting one or more details from said signed data and determining whether or not 
verification is required are performed by a plug-in module of said e-mail client. 

415. (Original) The method of claim 416 wherein said e-mail client is Microsoft's Outlook 
e-mail client and said plug-in module is a Microsoft Exchange client extension. 

416. (Original) The method of claim 398 wherein said network comprises a server, and 
said steps of identifying a digital certificate, extracting one or more details from said signed data 
and determining whether or not verification is required are performed at a point on said network 
intermediate said one or more workstations and said server, or said steps of identifying a digital 
certificate, extracting one or more details from said signed data and determining whether or not 
verification is required are performed at said server. 

417. (Original) The method of claim 398 wherein said computer network to which said 
one or more workstations are adapted for connection is a public computer network, and wherein 
said one or more workstations together form a private computer network. 

418. (Original) The method of claim 398 further comprising providing a supervisor 
workstation, said policy data being accessible by said supervisor workstation, such that a user of 
said supervisor workstation can edit said policy data. 

419. (Withdrawn) A computer program product for controlling a computer connected to a 
public network to manage information, said computer having access to policy data containing 
rules which define whether or not verification is required for a digital certificate used to digitally 
sign signed data received in inbound data from the public network, comprising: a recordable 
medium readable by the computer, having program code recorded thereon which when executed
on said computer configures said computer to: analyse, in conjunction with an application 
running on the computer that is operable to receive at least inbound data from the public 
network, signed data that has been digitally signed with a digital certificate, to extract one or 
more details of said signed data; to determine whether or not verification is required for said 
digital certificate in dependence on said rules of said policy data and in dependence on the one or 
more extracted details of said signed data; and to control the application in dependence on the 
determination. 

420. (Withdrawn) The computer program product of claim 419 wherein said verification for 
the digital certificate includes determining whether the digital certificate has been revoked. 

421. (Withdrawn) The computer program product of claim 420 wherein said program code
when executed on said computer is further operable to determine whether said signed data is part 
of an eCommerce transaction, and if it is, to determine the amount of money that is promised in 
that eCommerce transaction, wherein said verification for the digital certificate also includes 
determining whether said digital certificate can be taken as a guarantee of receiving the amount 
of money promised in said eCommerce transaction. 

422. (Withdrawn) The computer program product of claim 419 wherein said one or more 
details of said signed data, include one or more of said digital certificate holder's identity, the 
expiry date of said digital certificate, the issue number of said digital certificate, and the domain 
name from which the signed data was received, and wherein said rules of said policy file define 
whether or not verification for said digital certificate is required in dependence on the one or 
more details. 

423. (Withdrawn) The computer program product of claim 419 wherein said program code 
when executed on said computer is further operable to determine whether or not an eCommerce 
transaction is occurring, and if it is, to extract as one or more details of said signed data, the 
amount of any transaction being made with said digital certificate, the account code from which 
any payment is being made, a credit card number, one or more indicators of the nature of the 
transaction, and wherein said rules of said policy file define whether or not verification is
required for said digital certificate in dependence on said one or more details. 

424. (Withdrawn) The computer program product of claim 423 wherein the program code 
when executed on said computer is further operable to control the computer to record digital 
certificates used to digitally sign any signed data received in said inbound data or sufficient 
descriptive data to identify any such digital certificates, and transaction data describing any 
transactions made with those digital certificates in a data repository such that a record is 
maintained of transactions made with a digital certificate; said transaction data being at least one 
or more of the date of any transactions made with a digital certificate, and the amount of any 
transaction made with that digital certificate, and wherein said rules of said policy file define 
whether or not verification for said digital certificate is required in dependence on said 
transaction data. 

425. (Withdrawn) The computer program product of claim 419 wherein said program code 
when executed on said computer is further operable to control the computer to store digital 
certificates used to sign signed data in said inbound data or digital certificates transmitted in said 
inbound data and storing said digital certificates or sufficient descriptive data to identify said 
digital certificates in a data repository. 

426. (Withdrawn) The computer program product of claim 425 wherein said program code 
when executed on said computer is further operable to control the computer to record the results of
any verification for an identified digital certificate in said data repository together with said 
identified digital certificate. 

427. (Withdrawn) The computer program product of claim 426 wherein said program code 
when executed on said computer is operable to determine whether said identified digital 
certificate has been previously stored in said data repository, and if it has been previously stored, 
to look-up the results of any previous verification for said identified digital certificate, wherein 
the determination of whether or not verification is required for said identified digital certificate is 
dependent on said results of any previous verification for said identified digital certificate. 

428. (Withdrawn) The computer program product of claim 419 wherein said program code
when executed on said computer is operable to determine whether or not a digital certificate has 
been revoked, and control said application to prevent said inbound data being viewed by a user 
of said application if said identified digital certificate has been revoked. 

429. (Withdrawn) The computer program product of claim 419 wherein said program code 
when executed on said computer is operable to determine whether or not a digital certificate has 
been revoked, and to control said application to notify a user of said application that said 
inbound data is not to be relied upon if said identified digital certificate has been revoked. 

430. (Withdrawn) The computer program product of claim 419 wherein said program code is 
executable at said computer. 

431. (Withdrawn) The computer program product of claim 419 wherein said application is a
web browser. 

432. (Withdrawn) The computer program product of claim 431 wherein said program code
when executed on said computer is a plug-in module of said web browser. 

433. (Withdrawn) The computer program product of claim 432 wherein said web browser is 
Microsoft's Internet Explorer and said plug-in module is a Browser Helper Object. 

434. (Withdrawn) The computer program product of claim 419 wherein said application is an 
e-mail client. 

435. (Withdrawn) The computer program product of claim 434 wherein said program code 
when executed on said computer is a plug-in module of said e-mail client. 

436. (Withdrawn) The computer program product of claim 435 wherein said e-mail client is 
Microsoft's Outlook e-mail client and said plug-in module is a Microsoft Exchange client 
extension. 

437. (Withdrawn) The computer program product of claim 419 wherein said network 
includes a server and said program code is executable at a point on said network intermediate 
said computer and said server, or said program code is executable at said server. 

438. (Currently Amended) An information management system comprising: 

a plurality of workstations adapted for connection to a computer network, each
workstation having a memory; 

storage means for storing data received from each of said workstations; 

application means, stored in said memory of each workstation, for transmitting outbound 
data to said network and receiving inbound data from said network; 

policy storage means for providing policy data containing rules defining relevant 
commercial data which is to be stored in said storage means; and 

analyzing means, operable in conjunction with said policy means, for monitoring at least 
one of said outbound data and said inbound data, identifying in at least one of said outbound data 
and said inbound data, relevant commercial data that is to be stored in said storage means in 
accordance with said rules in said policy means, and causing said relevant commercial data to be 
stored in said storage means. 

439. (Currently Amended) The system of claim 438 wherein said relevant commercial data 
that is to be stored in said storage means is encrypted prior to it being transmitted to said storage 
means. 

440. (Currently Amended) The system of claim 438 wherein said relevant commercial data 
that is stored in said storage means is encrypted. 

441. (Previously Presented) The system of claim 438 wherein said computer network, to 
which said one or more workstations are adapted for connection, is the Internet. 

442. (Currently Amended) The system of claim 441 wherein said analyzing means is operable 
to identify, as relevant commercial data, at least one of usernames and passwords used to identify 
a user, and usernames and passwords used to access web pages on the Internet, and the URL 
address of the web page at which those usernames and passwords are used, 

said identified usernames, passwords and said identified URLs being stored in said 
storage means. 

443. (Previously Presented) The system of claim 442 wherein said analyzing means is 
operable to identify usernames and passwords from the field names of data contained in at least 
one of said outbound data and said inbound data. 

444. (Previously Presented) The system of claim 442 wherein a representation of the input
fields of a web page is stored in said memory of said one or more workstations, and wherein said 
analyzing means is operable to identify usernames and passwords from said representation. 

445. (Previously Presented) The system of claim 442 wherein said analyzing means is 
operable to identify usernames or passwords from the field types of data contained in said 
outbound or said inbound data. 

446. (Currently Amended) The system of claim 441 wherein said analyzing means is operable 
to identify, as relevant commercial data, digital certificates contained in at least one of said 
outbound or said inbound data or used to digitally sign signed data in said inbound data or said 
outbound data, or sufficient descriptive data to identify such digital certificates, 

said digital certificates and/or said descriptive data being stored in said storage means. 

447. (Currently Amended) The system of claim 446 wherein said analyzing means is operable 
to identify one or more of the following data as relevant commercial data: 

whether or not said digital certificate has been revoked;

the identity of the holder of said digital certificate;

the amount of any eCommerce transaction being made that is related to said digital 
certificate; 

the goods or services being sold in any eCommerce transaction being made with said 
digital certificate; 

the date of receipt of said digital certificate;

and wherein said identified data is stored with said digital certificate in said storage means.

448. (Currently Amended) The system of claim 441 wherein the analyzing means is operable 
to identify when an eCommerce transaction is occurring and if an eCommerce transaction is 
identified as occurring, to identify in said outbound or said inbound data one or more of the 
following data as relevant commercial data: 

the URL address or e-mail address of the remote location to which outbound data is being 
transmitted or inbound data is being received; 

the web pages accessed by a user of said one or more workstations during the transaction; 

the amount of the transaction;

the goods or services being traded in the transaction; 

the date of the transaction; and 

wherein said relevant commercial data is stored in said storage means. 

449. (Previously Presented) The system of claim 438 wherein said analyzing means is located 
on each of said one or more workstations. 

450. (Previously Presented) The system of claim 438 wherein said application means is a web 
browser. 

451. (Previously Presented) The system of claim 450 wherein said analyzing means is a
plug-in module of said web browser.

452. (Previously Presented) The system of claim 451 wherein said web browser is 
Microsoft's Internet Explorer and said analyzing means is a Browser Helper Object. 

453. (Previously Presented) The system of claim 438 wherein said application means is an
e-mail client.

454. (Previously Presented) The system of claim 453 wherein said analyzing means is a
plug-in module of said e-mail client.

455. (Previously Presented) The system of claim 454 wherein said e-mail client is Microsoft's 
Outlook e-mail client and said analyzing means is a Microsoft Exchange client extension. 

456. (Previously Presented) The system of claim 438 wherein said network includes a server 
and said analyzing means is located at a point on said network intermediate said one or more 
workstations and said server, or said analyzing means is located at said server. 

457. (Currently Amended) The system of claim 438 further comprising a supervisor 
workstation, said supervisor workstation having access to said storage means and being operable 
to view said relevant commercial data stored in said storage means. 

458. (Previously Presented) The system of claim 457 wherein said policy storage means is 
accessible by said supervisor workstation, such that a user of said supervisor workstation can edit 
said policy data. 

459. (Currently Amended) The system of claim 438 wherein a workstation of said plurality of
workstations has access to said storage means and is operable to view said relevant commercial 
data stored in said storage means. 

460. (Previously Presented) The system of claim 438 wherein said computer network to 
which said one or more workstations are adapted for connection is a public computer network, 
and wherein said one or more workstations together form a private computer network. 

461. (Withdrawn) A system for recording passwords and usernames comprising: 

a plurality of workstations adapted for connection to the Internet, each workstation 
having a memory; 

storage means for receiving data from each of said workstations; 

application means, stored in said memory of each workstation, for transmitting outbound 
data and receiving inbound data from the Internet; and/or application means for receiving user 
input data; and 

analyzing means for monitoring at least one of said input data, said outbound data and 
said inbound data, to identify usernames and passwords contained in said user input data, said 
outbound data or said inbound data, and for causing said usernames and passwords to be stored 
in said storage means. 

462. (Withdrawn) The system of claim 461 wherein said analyzing means is operable to 
determine whether the usernames and passwords are used to access a web page, and if they are, 
to identify the URL address of said web page and cause said URL to be stored in said storage 
means with said usernames and passwords. 

463. (Withdrawn) The system of claim 461 wherein said relevant usernames and passwords 
data are encrypted prior to being transmitted to said storage means. 

464. (Withdrawn) The system of claim 461 wherein said relevant usernames and passwords 
that are stored in said storage means are encrypted. 

465. (Withdrawn) The system of claim 461 wherein said analyzing means is operable to
identify said relevant usernames and passwords from the field names of data contained in at least 
one of said outbound data or said inbound data. 

466. (Withdrawn) The system of claim 461 wherein a representation of the input fields of a 
web page is stored in said memory of said one or more workstations, and wherein said analyzing 
means is operable to identify said relevant usernames and passwords from said representation. 

467. (Withdrawn) The system of claim 461 wherein said analyzing means is operable to 
identify said relevant usernames or passwords from the field types of data contained in said 
outbound or said inbound data. 

468. (Withdrawn) The system of claim 461 wherein said application means has a user 
interface provided with a 'remember password' option which when selected stores input 
usernames and passwords in memory, and said analyzing means is operable to identify said 
relevant usernames and passwords in said input usernames and passwords stored in memory. 

469. (Withdrawn) The system of claim 461 wherein said analyzing means is located on each 
of said one or more workstations. 

470. (Withdrawn) The system of claim 461 wherein said application means is a web browser. 

471. (Withdrawn) The system of claim 470 wherein said analyzing means is a plug-in module 
of said web browser. 

472. (Withdrawn) The system of claim 471 wherein said web browser is Microsoft's Internet 
Explorer and said analyzing means is a Browser Helper Object. 

473. (Withdrawn) The system of claim 461 wherein said network comprises a server and said 
analyzer is located at a point on said network intermediate said one or more workstations and 
said server, or said analyzing means is located at said server. 

474. (Withdrawn) The system of claim 461 further comprising a supervisor workstation, said 
supervisor workstation having access to said storage means and being operable to view said 
relevant usernames and passwords stored in said storage means. 

475. (Withdrawn) The system of claim 461 wherein a workstation of said plurality of
workstations has access to said storage means and is operable to view said relevant usernames 
and passwords stored in said storage means. 

476. (Previously Presented) An information management system comprising:

one or more workstations adapted for connection to a computer network, each
workstation having a memory;

application means, stored in said memory of each workstation, for transmitting outbound 
data to said network and receiving inbound data from said network; 

policy storage means, for storing policy data containing rules specifying an appropriate 
encryption strength for outbound data, the encryption strength depending on the content of the 
data; and 

analyzing means, operable in conjunction with said policy data, for monitoring said 
outbound data to determine, in accordance with said rules in said policy data, an appropriate 
encryption strength for the outbound data; 

wherein said analyzing means controls transmission of said outbound data from said 
application means in dependence upon said determination of an appropriate encryption strength. 

477. (Previously Presented) The system of claim 476 wherein said rules in said policy data 
define confidential data which can not be transmitted, said analyzing means being operable in 
conjunction with said policy data to prevent said confidential data being transmitted from said 
application means. 

478. (Previously Presented) The system of claim 476 wherein said analyzing means is further 
operable to determine the present encryption strength in use for transmitting said outbound data; 
and 

wherein said analyzing means controls transmission of said outbound data from said 
application means both in dependence upon said determination of an appropriate encryption 
strength and in dependence upon said determination of the present encryption strength in use. 

479. (Previously Presented) The system of claim 478 wherein if the analyzing means 
determines that the present encryption strength in use for transmitting outbound data is less than 
said appropriate encryption strength, then said analyzing means prevents transmission of said
outbound data from said application means. 

480. (Previously Presented) The system of claim 478 wherein if the analyzing means 
determines that the present encryption strength in use for transmitting outbound data is less than 
said appropriate encryption strength, then said analyzing means prevents transmission of said 
outbound data from said application means and controls said application to renegotiate an 
encryption strength for transmission that is appropriate. 

481. (Previously Presented) The system of claim 478 wherein if the analyzing means 
determines that the present encryption strength in use for transmitting outbound data is less than 
said appropriate encryption strength, then said analyzing means modifies the outbound data such 
that the present encryption strength is an appropriate encryption strength for the transmission of 
the modified outbound data. 

482. (Previously Presented) The system of claim 478 wherein if the analyzing means 
determines that the present encryption strength in use for transmitting outbound data is less than 
said appropriate encryption strength, then said analyzing means controls said application means 
to notify a user of said application means that the encryption strength in use is not sufficient. 

483. (Previously Presented) The system of claim 476 wherein the analyzing means is further 
operable to identify credit card numbers in said outbound data. 

484. (Previously Presented) The system of claim 483 wherein the analyzing means is further 
operable to distinguish a predetermined set of credit card numbers from other credit card 
numbers, wherein said rules of said policy data define different appropriate encryption strengths 
for outbound data containing credit card numbers in the predetermined set than for other credit 
card numbers. 

485. (Previously Presented) The system of claim 484 wherein said rules of said policy data 
specify that there is no appropriate encryption strength for a pre-determined set of one or more 
credit card numbers. 

486. (Previously Presented) The system of claim 476 wherein said analyzing means is further 
operable to identify at least one or more of, credit card numbers, account codes, usernames, 
passwords, names and addresses and other predetermined keywords in the content of said
outbound data. 

487. (Previously Presented) The system of claim 476 wherein said rules in said policy data 
specify an appropriate encryption strength for said outbound data, that is dependent on the 
address to which said outbound data is to be transmitted. 

488. (Previously Presented) The system of claim 476 wherein said analyzing means is located 
on each of said one or more workstations. 

489. (Previously Presented) The system of claim 476 wherein said application means is a web 
browser. 

490. (Previously Presented) The system of claim 489 wherein said analyzing means is a
plug-in module of said web browser.

491. (Previously Presented) The system of claim 490 wherein said web browser is
Microsoft's Internet Explorer and said analyzing means is a Browser Helper Object. 

492. (Previously Presented) The system of claim 476 wherein said application means is an
e-mail client.

493. (Previously Presented) The system of claim 492 wherein said analyzing means is a
plug-in module of said e-mail client.

494. (Previously Presented) The system of claim 493 wherein said e-mail client is Microsoft's 
Outlook e-mail client and said analyzing means is a Microsoft client extension. 

495. (Previously Presented) The system of claim 476 wherein said network comprises a 
server and said analyzing means is located at a point on said network intermediate said one or 
more workstations and said server, or said analyzing means is located at said server. 

496. (Previously Presented) The system of claim 476 wherein said computer network to 
which said one or more workstations are adapted for connection is a public computer network, 
and wherein said one or more workstations together form a private computer network. 

497. (Previously Presented) The system of claim 476 further comprising a supervisor
workstation, said policy data being accessible by said supervisor workstation, such that a user of 
said supervisor workstation can edit said policy data. 

498. (Currently Amended) An information management system comprising: 

a plurality of client workstations adapted for connection to a computer network, each 
workstation having a memory; 

storage means for storing data received from each of said client workstations; 

application means, stored in said memory of each workstation, for transmitting outbound 
data to said network and receiving inbound data from said network; 

policy storage means for storing policy data defining rules for the recording of data that 
may comprise part of a commercial transaction conducted between a client workstation and a 
third party across said computer network; and 

analyzing means, operable in conjunction with said policy data, for analyzing at least one 
of said outbound data and said inbound data, to identify the existence of a commercial 
transaction occurring between a client workstation and a third party, and for causing transaction 
data that is all or part of said outbound data or said inbound data related to an identified 
commercial transaction to be stored in said storage means. 

499. (Currently Amended) The system of claim 498 wherein said analyzing means is operable 
to determine whether a secure link has been negotiated between said application means and a 
remote site on said network, and to identify the existence of a commercial transaction if said 
outbound data or said inbound data is transmitted on a secure link. 

500. (Currently Amended) The system of claim 499 wherein said network is the Internet, and 
said rules of said policy data define the addresses of non-eCommerce web sites and/or non- 
eCommerce e-mail accounts, said analyzing means being operable to disregard any commercial 
transactions that are identified between a client workstation and a non-eCommerce web site 
and/or e-mail account such that no transaction data related to a commercial transaction made to a 
non-eCommerce web site or a non-eCommerce e-mail account is stored in the storage means.

501. (Currently Amended) The system of claim 498 wherein said analyzing means is operable
to identify the existence of a commercial transaction by reference to said rules of said policy 
data, said rules of said policy data defining the addresses of known eCommerce locations. 

502. (Currently Amended) The system of claim 498 wherein said analyzing means is operable 
to identify credit card numbers, and to identify the existence of a commercial transaction by 
identifying credit card numbers in said outbound data or inbound data. 

503. (Currently Amended) The system of claim 498 wherein said analyzing means is operable 
to identify the existence of a commercial transaction by reference to said rules of said policy 
data, said rules of said policy data defining one or more of pre-determined digital certificates, 
account codes, pre-determined keywords, pre-determined names and addresses and embedded 
codes. 

504. (Previously Presented) The system of claim 498 wherein said analyzing means is 
operable to identify embedded codes in said inbound data, said embedded code having been 
placed in said inbound data to identify it as transaction data. 

505. (Currently Amended) The system of claim 498 wherein said analyzing means is operable 
to identify electronic receipts, and to identify the existence of a commercial transaction by 
identifying an electronic receipt in said outbound or inbound data. 

506. (Currently Amended) The system of claim 498 wherein said analyzing means is operable 
to record a pre-determined number of subsequent transmissions of said outbound data or said 
inbound data following an identification of the existence of a commercial transaction by said 
analyzing means, providing that the address or organization to which the subsequent 
transmissions are sent, or from which they are received, is the same as the address or 
organization to which the outbound data was sent or from which the inbound data was received 
and in which the existence of a commercial transaction was identified. 

507. (Currently Amended) The system of claim 506, wherein said analyzing means is 
operable to detect one or more indicators of the nature of the commercial transaction, and said 
rules of said policy data define the number of subsequent transmissions of said outbound data 
and said inbound data that are to be recorded in said storage means based on the identified nature
of the commercial transaction. 

508. (Currently Amended) The system of claim 506 wherein said rules of said policy data 
define the number of subsequent transmissions of said outbound and said inbound data that are to 
be stored in said storage means in dependence on the indicator by which the existence of a 
commercial transaction was identified. 

509. (Currently Amended) The system of claim 498 wherein said analyzing means is operable 
to record all subsequent transmissions of said outbound data or said inbound data that occur 
within a pre-determined amount of time following an identification of the existence of a 
commercial transaction by said analyzing means, providing that the address or organization to 
which the subsequent transmissions are sent, or from which they are received, is the same as the 
address or organization to which the outbound data was sent or from which the inbound data was 
received and in which the existence of a commercial transaction was identified. 

510. (Currently Amended) The system of claim 509, wherein said analyzing means is 
operable to detect one or more indicators of the nature of the commercial transaction, and said 
rules of said policy data define the amount of time for which all subsequent transmissions of said 
outbound data and said inbound data are to be recorded in said storage means based on the 
identified nature of the commercial transaction. 

511. (Currently Amended) The system of claim 509 wherein said rules of said policy data 
define the amount of time for which subsequent transmissions of said outbound and said inbound 
data are to be stored in said storage means in dependence on the indicator by which the existence 
of a commercial transaction was identified. 

512. (Currently Amended) The system of claim 498 wherein said analyzing means is further 
operable to identify the completion of a commercial transaction by analyzing said outbound data 
or said inbound data, and to cause all or part of said outbound data transmitted by said 
application means and all or part of said inbound data received by said application means after 
said analyzing means has identified the existence of a commercial transaction and before said 
analyzing means has identified the completion of a commercial transaction to be stored in said
storage means. 

513. (Currently Amended) The system of claim 512 wherein said analyzing means is operable 
to identify subsequent related data in said outbound data transmitted by said application means 
and said inbound data received by said application means after said analyzing means has 
identified the completion of a commercial transaction, and to cause said subsequent related data 
to be stored in said storage means with said transaction data already identified. 

514. (Currently Amended) The system of claim 513 wherein said analyzing means is operable 
to identify said subsequent related data by identifying common indicators in both said transaction 
data already identified and said outbound data transmitted by said application means and said 
inbound data received by said application means after said analyzing means has identified the 
completion of a commercial transaction, said common indicators being one or more of the 
address of the location to which said outbound data is transmitted or from which said inbound 
data is received, part of the data path to the location to which said outbound data is transmitted or 
from which said inbound data is received, account code or reference numbers. 

515. (Currently Amended) The system of claim 498 wherein said application means is 
operable such that a user of said application means can indicate said outbound and said inbound 
data that is related to a commercial transaction, said analyzing means being operable to identify 
said outbound and said inbound data so indicated. 

516. (Currently Amended) The system of claim 498 wherein said application means is 
operable to store all of said outbound data and said inbound data in said memory of said 
workstation as previous data, irrespective of whether it may or may not be part of a commercial 
transaction and, said analyzing means is operable, if the existence of a commercial transaction is 
identified, to retrieve a pre-determined amount of previous data from said outbound data and said 
inbound data stored in said memory of said workstation, and to cause said previous data to be 
stored in said storage means with said transaction data.

517. (Currently Amended) The system of claim 516 wherein said rules of said policy data
specify the amount of previous data that is to be retrieved in dependence on the indicator by 
which the existence of a commercial transaction is identified. 

518. (Previously Presented) The system of claim 516 wherein said network is the Internet and 
said application means is a web browser, said web browser being operable to store each web 
page that is viewed by said web browser in memory as previous data. 

519. (Currently Amended) The system of claim 518 wherein said rules of said policy data 
specify the number of web pages that are to be retrieved from those previously stored in memory 
in dependence on the indicator by which the existence of a commercial transaction is identified. 

520. (Currently Amended) The system of claim 498 wherein said application means is 
operable to store all of said outbound data and said inbound data in memory as previous data, 
irrespective of whether it may or may not be part of a commercial transaction and, said analyzing 
means is operable, if the existence of a commercial transaction is identified, to identify, in said 
previous data, earlier relevant data that is related to said transaction data already identified, and 
to cause said earlier relevant data to be stored in said storage means with said transaction data. 

521. (Previously Presented) The system of claim 520 wherein said analyzing means is 
operable to identify said earlier relevant data in said previous data, by identifying common 
indicators in both said transaction data and said outbound data and said inbound data previously 
stored in said memory of said workstation, said common indicators being one or more of the 
address of the location to which said outbound data is transmitted or from which said inbound 
data is received, part of the data path to the location to which said outbound data is transmitted or 
said inbound data is received, account code or reference number. 

522. (Currently Amended) The system of claim 498 wherein said application means is 
operable to store all of said outbound data and said inbound data in memory as previous data, 
irrespective of whether it may or may not be part of a commercial transaction, and is further 
operable such that, if said analyzing means identifies the existence of a commercial transaction, a 
user of said application means can select earlier relevant data from said previous data, said 
earlier relevant data selected by the user being stored in said common storage means together
with said transaction data. 

523. (Currently Amended) The system of claim 498 wherein said analyzing means is 
operable, once it has identified the existence of a commercial transaction, to determine the nature 
of said commercial transaction by analyzing the content of said outbound and inbound data, and 
said rules of said policy data define how said transaction data is to be stored in said storage 
means in dependence on the nature of the commercial transaction determined by said analyzing 
means, said transaction data being stored in said database according to said determination and 
said rules of said policy data. 

524. (Currently Amended) The system of claim 523 wherein said analyzing means is operable 
to determine the nature of the commercial transaction by identifying in said outbound data and 
said inbound data one or more indicators, said indicators being defined in said rules of said 
policy data, and being one or more of: the address of the network location to which said data that 
may be part of a commercial transaction is transmitted or from which it is received; part of the 
data path to the network location to which said transaction data is transmitted or from which it is 
received; account codes; reference numbers; credit card numbers; digital certificates and pre- 
determined keywords. 

525. (Currently Amended) The system of claim 498 wherein said analyzing means is operable 
to identify, once the existence of a commercial transaction has been identified, one or more 
indicators of the nature of said commercial transaction, said transaction data being stored in said 
storage means such that it is organized by said one or more indicators to form a record. 

526. (Currently Amended) The system of claim 525 wherein said rules of said policy data 
define said one or more indicators of the nature of a commercial transaction, said indicators 
being one or more of: the address of the location to which said transaction data is transmitted or 
from which it is received; part of the data path to the location to which said transaction data is 
transmitted or from which it is received; account codes, reference numbers, credit card numbers, 
digital certificates and pre-determined keywords.

527. (Previously Presented) The system of claim 498 wherein said storage means is accessible
by one or more of an accounts application, an order processing application or other transaction 
management application. 

528. (Previously Presented) The system of claim 498 wherein any data transmitted to said 
storage means is encrypted before it is transmitted to said storage means. 

529. (Previously Presented) The system of claim 498 wherein any data stored in said storage 
means is encrypted. 

530. (Previously Presented) The system of claim 498 wherein said analyzing means is located 
on each of said one or more workstations. 

531. (Previously Presented) The system of claim 498 wherein said application is a web 
browser. 

532. (Previously Presented) The system of claim 531 wherein said analyzing means is a plug- 
in module of said web browser. 

533. (Previously Presented) The system of claim 532 wherein said web browser is 
Microsoft's Internet Explorer and said analyzing means is a Browser Helper Object. 

534. (Previously Presented) The system of claim 498 wherein said application means is an e- 
mail client. 

535. (Previously Presented) The system of claim 534 wherein said analyzing means is a plug- 
in module of said e-mail client. 

536. (Previously Presented) The system of claim 535 wherein said e-mail client is Microsoft's 
Outlook e-mail client and said analyzing means is a Microsoft Exchange client extension. 

537. (Previously Presented) The system of claim 498 wherein said network comprises a 
server, and said analyzing means is located at a point on said network intermediate said one or 
more workstations and said server, or said analyzing means is located at said server.

538. (Previously Presented) The system of claim 498 wherein said computer network to
which said one or more workstations are adapted for connection is a public computer network, 
and wherein said one or more workstations together form a private computer network. 

539. (Previously Presented) The system of claim 498 further comprising a supervisor 
workstation, said policy data being accessible by said supervisor workstation, such that a user of 
said supervisor workstation can edit said policy data. 

540. (Currently Amended) An information management system comprising: 

one or more workstations adapted for connection to a computer network, each 
workstation having a memory; 

application means, stored in said memory of each workstation, for transmitting outbound 
data to said network and receiving inbound data from said network; 

policy storage means for storing policy data, containing rules for identifying in the
transmission of outbound data transaction data that is that may be part of a commercial
transaction, and rules for the transmission of transaction data so identified; and

analyzer means, operable in conjunction with said policy data, for identifying in at least 
said outbound data, transaction data that may be part of a transaction, and for determining, in 
accordance with said rules of said policy data, whether the transmission of said transaction data 
would satisfy said rules; 

and wherein the transmission of said transaction data by said application means is 
dependent on said determination made by said analyzing means. 

541. (Previously Presented) The system of claim 540, wherein according to said 
determination made by said analyzing means, said transaction data is either, transmitted, not 
transmitted, or sent to an approver who determines whether or not to transmit the transaction 
data. 

542. (Previously Presented) The system of claim 541 further comprising: 

one or more approvers, for deciding whether the transmission of said data that may be 
part of a transaction may be made;

wherein said analyzing means is operable to identify in said data that may be part of a
transaction, data that needs approval and to refer said data that needs approval to one of said one 
or more approvers; and 

the transmission of said data that needs approval being dependent on the decision of said 
one or more approvers.

543. (Previously Presented) The system of claim 542 wherein said analyzing means is 
operable to identify said transaction data that needs approval by determining the nature of said 
transaction data and by checking said rules of said policy data, said rules of said policy data 
defining whether or not approval is needed in dependence on the determined nature of said 
transaction data. 

544. (Previously Presented) The system of claim 542 wherein said analyzing means is 
operable to determine the nature of said transaction data by identifying at least one of the identity 
of the transmitter of said data, the identity of the intended recipient of said data, the workstation 
from which said data is to be transmitted, the sum for which a transaction is to be made, and the 
account against which a transaction is to be made. 

545. (Previously Presented) The system of claim 542 wherein said analyzing means is 
operable to determine the nature of said transaction data that needs approval and to select said 
one of said one or more approvers in dependence on that determination. 

546. (Previously Presented) The system of claim 545 wherein said analyzing means is 
operable to determine the nature of said transaction data that needs approval by identifying at 
least one of the identity of the transmitter of said data, the identity of the intended recipient of 
said data, the workstation from which said data is to be transmitted, the sum for which a
transaction is to be made, and the account against which the transaction is to be made. 

547. (Previously Presented) The system of claim 540 wherein said analyzing means is 
operable to determine whether a secure link has been negotiated between said application and a 
remote site on said network, and to identify said outbound data or said inbound data as 
transaction data, if it is transmitted on a secure link.

548. (Previously Presented) The system of claim 547 wherein said network is the Internet,
and said rules of said policy data define the addresses of web sites or e-mail accounts that 
negotiate secure links for the transmission of data but which are known not to be eCommerce 
sites or accounts, said analyzing means being operable to disregard said outbound data 
transmitted to those web sites or accounts or said inbound data received from those web sites or 
accounts, such that no approval is required. 

549. (Previously Presented) The system of claim 540 wherein said analyzing means is 
operable to identify transaction data by reference to said rules of said policy data, said rules of 
said policy data defining the addresses of known eCommerce web sites and e-mail accounts. 

550. (Previously Presented) The system of claim 540 wherein said analyzing means is 
operable to identify credit card numbers in said outbound data or said inbound data, and to 
identify outbound data or inbound data that contains a credit card number as transaction data. 

551. (Previously Presented) The system of claim 550 wherein said policy data specifies pre- 
determined credit card numbers that can never be transmitted. 

552. (Previously Presented) The system of claim 540 wherein said analyzing means is 
operable to identify transaction data by reference to said rules of said policy data, said rules of 
said policy data defining one or more of pre-determined digital certificates, account codes, pre- 
determined keywords, pre-determined names and addresses and embedded codes. 

553. (Previously Presented) The system of claim 540 wherein said analyzing means is 
operable to identify embedded codes in said inbound data, said embedded codes having been 
placed in said inbound data to mark said inbound data as transaction data. 

554. (Previously Presented) The system of claim 540 wherein said application is operable 
such that a user of said application can indicate said outbound and said inbound data that is part 
of a transaction, said analyzing means being operable to identify said outbound and said inbound 
data so indicated. 

555. (Previously Presented) The system of claim 540 wherein said analyzing means is located 
on each of said one or more workstations.

556. (Previously Presented) The system of claim 540 wherein said application is a web
browser. 

557. (Previously Presented) The system of claim 556 wherein said analyzing means is a plug- 
in module of said web browser. 

558. (Previously Presented) The system of claim 557 wherein said web browser is 
Microsoft's Internet Explorer and said analyzing means is a Browser Helper Object. 

559. (Previously Presented) The system of claim 540 wherein said application is an e-mail 
client. 

560. (Previously Presented) The system of claim 559 wherein said analyzing means is a plug- 
in module of said e-mail client. 

561. (Previously Presented) The system of claim 560 wherein said e-mail client is Microsoft's 
Outlook e-mail client and said analyzing means is a Microsoft Exchange client extension. 

562. (Previously Presented) The system of claim 540 wherein said network comprises a 
server and said analyzing means is located at a point on said network intermediate said one or 
more workstations and said server, or said analyzing means is located at said server. 

563. (Previously Presented) The system of claim 540 wherein said computer network to 
which said one or more workstations are adapted for connection is a public computer network, 
and wherein said one or more workstations together form a private computer network. 

564. (Previously Presented) The system of claim 540 further comprising a supervisor 
workstation, said policy data being accessible by said supervisor workstation, such that a user of 
said supervisor workstation can edit said policy data. 

565. (Previously Presented) An information management system comprising: 

one or more workstations adapted for connection to a computer network, each 
workstation having a memory; 

application means, stored in said memory of each workstation, for receiving at least 
inbound data from said network;

analyzing means, being operable in conjunction with said application means, for
monitoring said inbound data to identify in at least said inbound data signed data that has been 
digitally signed with a digital certificate, for extracting one or more details of said signed data 
and for determining whether or not verification is required for said digital certificate; 

policy storage means, accessible by said analyzing means, for storing policy data 
containing rules which define whether or not verification is required for said digital certificate; 

and wherein said analyzing means determines whether or not verification is required for 
said digital certificate in dependence on said rules of said policy data and in dependence on said 
one or more details of said signed data extracted by said analyzing means. 

566. (Previously Presented) The system of claim 565 wherein said verification for said digital 
certificate includes determining whether said digital certificate has been revoked. 

567. (Previously Presented) The system of claim 566 wherein said analyzing means is further 
operable to determine whether said signed data is part of an eCommerce transaction, and if it is, 
to determine the amount of money that is promised in that eCommerce transaction, 

wherein said verification for the digital certificate also includes determining whether said 
digital certificate can be taken as a guarantee of receiving the amount of money promised in said 
eCommerce transaction. 

568. (Previously Presented) The system of claim 565 wherein said analyzing means is 
operable to extract as one or more details of said signed data, one or more of said digital 
certificate holder's identity, the expiry date of said digital certificate, the issue number of said 
digital certificate, and the domain name from which the signed data was received, and wherein 
said rules of said policy file define whether or not verification for said digital certificate is 
required in dependence on the one or more details extracted by said analyzing means. 

569. (Previously Presented) The system of claim 565 wherein said analyzing means is
operable to determine whether or not an eCommerce transaction is occurring, and to extract, as
one or more details of said signed data, the amount of any transaction being made with said
digital certificate, the account code from which any payment is being made, a credit card
number, one or more indicators of the nature of the transaction, and wherein said rules of said
policy file define whether or not verification is required for a digital certificate in dependence on
the one or more details extracted by said analyzing means.

U.S. Patent Application No. 09/923,704
Reply to Office Action Dated January 6, 2005

570. (Previously Presented) The system of claim 569 further comprising a data repository in 
which, digital certificates used to digitally sign any previously received signed data or sufficient 
descriptive data to identify any such digital certificates, and transaction data describing any 
previous transactions made with those digital certificates are stored, 

said transaction data being at least one or more of the date of any previous transactions 
made with a digital certificate, and the amount of any previous transaction made with that digital 
certificate, 

and wherein said rules of said policy file define whether or not verification for said 
digital certificate is required in dependence on said transaction data. 

571. (Previously Presented) The system of claim 565 further comprising a data repository, 
accessible by said analyzing means, wherein said analyzing means is operable to identify any 
digital certificates that are used to digitally sign signed data in at least said inbound data, and to 
cause any such digital certificates, or sufficient descriptive data to identify such digital 
certificates to be stored in said data repository. 

572. (Previously Presented) The system of claim 571 wherein said analyzing means is 
operable, to record the results of any verification for a digital certificate in said data repository
together with said digital certificate or together with said descriptive data. 

573. (Previously Presented) The system of claim 572 wherein said analyzing means is 
operable, if it identifies a digital certificate in said inbound data, to determine whether said 
digital certificate has been previously stored in said data repository, or whether said descriptive 
information identifying said digital certificate has been stored in said data repository, and if said 
digital certificate has been previously stored, to look-up the results of any previous verification 
of whether said digital certificate has been revoked, wherein said analyzing means determines 
whether or not to verify if said digital certificate has been revoked in dependence on said results 
of any previous verification of whether said identified digital certificate has been revoked. 

574. (Previously Presented) The system of claim 565 wherein said analyzing means is further 
operable to verify whether or not a digital certificate has been revoked, and wherein said 
application means is operable to prevent said inbound data being viewed by a user of said
application means if said analyzing means determines that said digital certificate has been 
revoked. 

575. (Previously Presented) The system of claim 565 wherein said analyzing means is further 
operable to verify whether or not a digital certificate has been revoked, and said application 
means is operable to notify a user of said application means that said inbound data is not to be 
relied upon if said analyzing means determines that said digital certificate has been revoked. 

576. (Previously Presented) The system of claim 565 wherein said analyzing means is located 
on each of said one or more workstations. 

577. (Previously Presented) The system of claim 565 wherein said application means is a web 
browser. 

578. (Previously Presented) The system of claim 577 wherein said analyzing means is a plug- 
in module of said web browser. 

579. (Previously Presented) The system of claim 578 wherein said web browser is 
Microsoft's Internet Explorer and said analyzing means is a Browser Helper Object. 

580. (Previously Presented) The system of claim 565 wherein said application means is an e- 
mail client. 

581. (Previously Presented) The system of claim 580 wherein said analyzing means is a plug- 
in module of said e-mail client. 

582. (Previously Presented) The system of claim 581 wherein said e-mail client is Microsoft's 
Outlook e-mail client and said analyzing means is a Microsoft client extension. 

583. (Previously Presented) The system of claim 565 wherein said network comprises a 
server, and said analyzing means is located at a point on said network intermediate said one or 
more workstations and said server, or said analyzing means is located at said server. 

584. (Previously Presented) The system of claim 565 wherein said computer network to 
which said one or more workstations are adapted for connection is a public computer network, 
and wherein said one or more workstations together form a private computer network.

585. (Previously Presented) The system of claim 565 further comprising a supervisor
workstation, said policy data being accessible by said supervisor workstation, such that a user of 
said supervisor workstation can edit said policy data. 